Total
11736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-29612 | 1 Apple | 2 Mac Os X, Macos | 2021-04-08 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2021-1795 | 1 Apple | 2 Ipad Os, Iphone Os | 2021-04-07 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. | |||||
| CVE-2021-1796 | 1 Apple | 2 Ipad Os, Iphone Os | 2021-04-07 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. | |||||
| CVE-2020-9955 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2021-04-07 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2014-3676 | 1 Redhat | 1 Shim | 2021-04-07 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option." | |||||
| CVE-2020-27919 | 1 Apple | 1 Mac Os X | 2021-04-06 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2021-29941 | 1 Reorder Project | 1 Reorder | 2021-04-06 | 7.5 HIGH | 7.3 HIGH |
| An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index has an out-of-bounds write if an iterator returns a len() that is too small. | |||||
| CVE-2021-29942 | 1 Reorder Project | 1 Reorder | 2021-04-06 | 7.5 HIGH | 7.3 HIGH |
| An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index can return uninitialized values if an iterator returns a len() that is too large. | |||||
| CVE-2021-29930 | 1 Arenavec Project | 1 Arenavec | 2021-04-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A drop of uninitialized memory can sometimes occur upon a panic in T::default(). | |||||
| CVE-2010-2498 | 4 Apple, Canonical, Debian and 1 more | 4 Mac Os X, Ubuntu Linux, Debian Linux and 1 more | 2021-04-06 | 6.8 MEDIUM | N/A |
| The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation. | |||||
| CVE-2021-3470 | 1 Redislabs | 1 Redis | 2021-04-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc. | |||||
| CVE-2021-27269 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2021-04-01 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process Was ZDI-CAN-12390. | |||||
| CVE-2017-5975 | 2 Debian, Zziplib Project | 2 Debian Linux, Zziplib | 2021-03-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. | |||||
| CVE-2017-5976 | 2 Debian, Zziplib Project | 2 Debian Linux, Zziplib | 2021-03-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. | |||||
| CVE-2020-7852 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2021-03-27 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed ex.j2c format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2016-10328 | 2 Freetype, Oracle | 2 Freetype, Outside In Technology | 2021-03-26 | 7.5 HIGH | 9.8 CRITICAL |
| FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. | |||||
| CVE-2020-1896 | 1 Facebook | 1 Hermes | 2021-03-26 | 6.8 MEDIUM | 9.8 CRITICAL |
| A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 (https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2) allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2017-9544 | 1 Echatserver | 1 Easy Chat Server | 2021-03-26 | 7.5 HIGH | 9.8 CRITICAL |
| There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code. | |||||
| CVE-2021-25346 | 1 Google | 1 Android | 2021-03-26 | 7.5 HIGH | 9.8 CRITICAL |
| A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution. | |||||
| CVE-2020-7853 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2021-03-26 | 7.5 HIGH | 9.8 CRITICAL |
| An outbound read/write vulnerability exists in XPLATFORM that does not check offset input ranges, allowing out-of-range data to be read. An attacker can exploit arbitrary code execution. | |||||