Total
13899 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-44016 | 1 Siemens | 3 Jt2go, Solid Edge, Teamcenter Visualization | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110) | ||||
| CVE-2021-43083 | 1 Apache | 1 Plc4x | 2024-11-21 | 8.8 High |
| Apache PLC4X - PLC4C (Only the C language implementation was effected) was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a mallicious device which could send a response with invalid content. Currently we consider the probability of this being exploited as quite minimal, however this could change in the future, especially with the industrial networks growing more and more together. | ||||
| CVE-2021-42739 | 6 Debian, Fedoraproject, Linux and 3 more | 10 Debian Linux, Fedora, Linux Kernel and 7 more | 2024-11-21 | 6.7 Medium |
| The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. | ||||
| CVE-2021-42726 | 2 Adobe, Microsoft | 2 Media Encoder, Windows | 2024-11-21 | 7.8 High |
| Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | ||||
| CVE-2021-42725 | 1 Adobe | 1 Bridge | 2024-11-21 | 7.8 High |
| Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | ||||
| CVE-2021-42659 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 6.5 Medium |
| There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service, the httpd program will crash and exit when the super-long list parameter occurs. | ||||
| CVE-2021-42327 | 3 Fedoraproject, Linux, Netapp | 18 Fedora, Linux Kernel, H300e and 15 more | 2024-11-21 | 6.7 Medium |
| dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer. | ||||
| CVE-2021-42262 | 1 Softing | 3 Datafeed Opc Suite, Opc Ua C\+\+ Software Development Kit, Secure Integration Server | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition. | ||||
| CVE-2021-42252 | 2 Linux, Netapp | 19 Linux Kernel, H300e, H300e Firmware and 16 more | 2024-11-21 | 7.8 High |
| An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. | ||||
| CVE-2021-41991 | 4 Debian, Fedoraproject, Siemens and 1 more | 46 Debian Linux, Fedora, Cp 1543-1 and 43 more | 2024-11-21 | 7.5 High |
| The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility. | ||||
| CVE-2021-41990 | 4 Debian, Fedoraproject, Siemens and 1 more | 37 Debian Linux, Fedora, 6gk5615-0aa00-2aa2 and 34 more | 2024-11-21 | 7.5 High |
| The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur. | ||||
| CVE-2021-41816 | 3 Fedoraproject, Redhat, Ruby-lang | 4 Fedora, Rhel Software Collections, Cgi and 1 more | 2024-11-21 | 9.8 Critical |
| CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby. | ||||
| CVE-2021-41771 | 4 Debian, Fedoraproject, Golang and 1 more | 6 Debian Linux, Fedora, Go and 3 more | 2024-11-21 | 7.5 High |
| ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. | ||||
| CVE-2021-41496 | 2 Numpy, Redhat | 2 Numpy, Openstack | 2024-11-21 | 5.5 Medium |
| Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally) | ||||
| CVE-2021-41289 | 1 Asus | 2 P453uj, P453uj Bios | 2024-11-21 | 6.3 Medium |
| ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user’s permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffer, which causing a failure of integrity verification and further resulting in a failure to boot. | ||||
| CVE-2021-41121 | 1 Vyperlang | 1 Vyper | 2024-11-21 | 7.5 High |
| Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the the top of the stack. This issue has been resolved in version 0.3.0. | ||||
| CVE-2021-41073 | 4 Debian, Fedoraproject, Linux and 1 more | 21 Debian Linux, Fedora, Linux Kernel and 18 more | 2024-11-21 | 7.8 High |
| loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation. | ||||
| CVE-2021-40771 | 2 Adobe, Microsoft | 2 Prelude, Windows | 2024-11-21 | N/A |
| Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. | ||||
| CVE-2021-40765 | 3 Adobe, Apple, Microsoft | 3 Character Animator, Macos, Windows | 2024-11-21 | 7.8 High |
| Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | ||||
| CVE-2021-40715 | 2 Adobe, Microsoft | 2 Premiere Pro, Windows | 2024-11-21 | 7.8 High |
| Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .exr file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. | ||||