Total
13464 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-42024 | 1 Siemens | 1 Simcenter Star-ccm\+ Viewer | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < 2021.3.1). The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2021-42012 | 1 Trendmicro | 3 Apex One, Worry-free Business Security, Worry-free Business Security Services | 2024-11-21 | 7.8 High |
| A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-42008 | 3 Debian, Linux, Netapp | 20 Debian Linux, Linux Kernel, H300e and 17 more | 2024-11-21 | 7.8 High |
| The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. | ||||
| CVE-2021-41987 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 8.1 High |
| In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10. | ||||
| CVE-2021-41864 | 5 Debian, Fedoraproject, Linux and 2 more | 25 Debian Linux, Fedora, Linux Kernel and 22 more | 2024-11-21 | 7.8 High |
| prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. | ||||
| CVE-2021-41736 | 1 Grame | 1 Faust | 2024-11-21 | 9.8 Critical |
| Faust v2.35.0 was discovered to contain a heap-buffer overflow in the function realPropagate() at propagate.cpp. | ||||
| CVE-2021-41683 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.8 High |
| There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_type in JerryScript 2.4.0 | ||||
| CVE-2021-41459 | 1 Gpac | 1 Mp4box | 2024-11-21 | 7.5 High |
| There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability. | ||||
| CVE-2021-41458 | 1 Gpac | 1 Mp4box | 2024-11-21 | 5.5 Medium |
| In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability. | ||||
| CVE-2021-41457 | 1 Gpac | 1 Mp4box | 2024-11-21 | 7.5 High |
| There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability. | ||||
| CVE-2021-41456 | 1 Gpac | 1 Mp4box | 2024-11-21 | 7.5 High |
| There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability. | ||||
| CVE-2021-41396 | 1 Live555 | 1 Live555 | 2024-11-21 | 7.5 High |
| Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow happens. An attacker can leverage this to launch a DoS attack. | ||||
| CVE-2021-41221 | 1 Google | 1 Tensorflow | 2024-11-21 | 7.8 High |
| TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the `Cudnn*` operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the `input`, `input_h` and `input_c` parameters are not validated, but code assumes they have certain values. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | ||||
| CVE-2021-41216 | 1 Google | 1 Tensorflow | 2024-11-21 | 5.5 Medium |
| TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` contains negative elements. The shape inference function does not validate that the indices in `perm` are all valid. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | ||||
| CVE-2021-41159 | 3 Fedoraproject, Freerdp, Redhat | 4 Fedora, Freerdp, Enterprise Linux and 1 more | 2024-11-21 | 5.8 Medium |
| FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway. | ||||
| CVE-2021-41099 | 6 Debian, Fedoraproject, Netapp and 3 more | 10 Debian Linux, Fedora, Management Services For Element Software And Netapp Hci and 7 more | 2024-11-21 | 7.5 High |
| Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. | ||||
| CVE-2021-41036 | 1 Eclipse | 1 Paho Mqtt C\/c\+\+ Client | 2024-11-21 | 9.8 Critical |
| In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket. | ||||
| CVE-2021-41027 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 7.3 High |
| A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, allows an authenticated attacker to execute unauthorized code or commands via crafted certificates loaded into the device. | ||||
| CVE-2021-41017 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8.8 High |
| Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests. | ||||
| CVE-2021-40942 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args function in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DOS). | ||||