Total
13448 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-32626 | 6 Debian, Fedoraproject, Netapp and 3 more | 11 Debian Linux, Fedora, Management Services For Element Software and 8 more | 2024-11-21 | 7.5 High |
| Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands. | ||||
| CVE-2021-32625 | 2 Fedoraproject, Redislabs | 2 Fedora, Redis | 2024-11-21 | 7.5 High |
| Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command. On 64 bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB). | ||||
| CVE-2021-32493 | 2 Debian, Djvulibre Project | 2 Debian Linux, Djvulibre | 2024-11-21 | 7.8 High |
| A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences. | ||||
| CVE-2021-32490 | 2 Debian, Djvulibre Project | 2 Debian Linux, Djvulibre | 2024-11-21 | 7.8 High |
| A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences. | ||||
| CVE-2021-32487 | 1 Mediatek | 19 Modem, Mt6739, Mt6761 and 16 more | 2024-11-21 | 7.5 High |
| In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500736; Issue ID: ALPS04938456. | ||||
| CVE-2021-32486 | 1 Mediatek | 19 Modem, Mt6739, Mt6761 and 16 more | 2024-11-21 | 7.5 High |
| In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964928. | ||||
| CVE-2021-32485 | 1 Mediatek | 19 Modem, Mt6739, Mt6761 and 16 more | 2024-11-21 | 7.5 High |
| In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964926. | ||||
| CVE-2021-32484 | 1 Mediatek | 19 Modem, Mt6739, Mt6761 and 16 more | 2024-11-21 | 7.5 High |
| In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964917. | ||||
| CVE-2021-32458 | 1 Trendmicro | 1 Home Network Security | 2024-11-21 | 7.8 High |
| Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl which could lead to code execution on affected devices. An attacker must first obtain the ability to execute low-privileged code on the target device in order to exploit this vulnerability. | ||||
| CVE-2021-32457 | 1 Trendmicro | 1 Home Network Security | 2024-11-21 | 7.8 High |
| Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl to escalate privileges on affected devices. An attacker must first obtain the ability to execute low-privileged code on the target device in order to exploit this vulnerability. | ||||
| CVE-2021-32435 | 3 Abcm2ps Project, Debian, Fedoraproject | 3 Abcm2ps, Debian Linux, Fedora | 2024-11-21 | 5.5 Medium |
| Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. | ||||
| CVE-2021-32420 | 1 Dpic Project | 1 Dpic | 2024-11-21 | 7.5 High |
| dpic 2021.01.01 has a Heap-based Buffer Overflow in thestorestring function in dpic.y. | ||||
| CVE-2021-32299 | 1 Pbrt Project | 1 Pbrt | 2024-11-21 | 7.8 High |
| An issue was discovered in pbrt through 20200627. A stack-buffer-overflow exists in the function pbrt::ParamSet::ParamSet() located in paramset.h. It allows an attacker to cause code Execution. | ||||
| CVE-2021-32298 | 1 Libiff Project | 1 Libiff | 2024-11-21 | 8.8 High |
| An issue was discovered in libiff through 20190123. A global-buffer-overflow exists in the function IFF_errorId located in error.c. It allows an attacker to cause code Execution. | ||||
| CVE-2021-32297 | 1 Lief-project | 1 Lief | 2024-11-21 | 8.8 High |
| An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow exists in the function main located in pe_reader.c. It allows an attacker to cause code Execution. | ||||
| CVE-2021-32294 | 1 Linuxsampler | 1 Libgig | 2024-11-21 | 8.8 High |
| An issue was discovered in libgig through 20200507. A heap-buffer-overflow exists in the function RIFF::List::GetSubList located in RIFF.cpp. It allows an attacker to cause code Execution. | ||||
| CVE-2021-32288 | 1 Nokia | 1 Heif | 2024-11-21 | 7.8 High |
| An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function HevcDecoderConfigurationRecord::getPicHeight() located in hevcdecoderconfigrecord.cpp. It allows an attacker to cause code Execution. | ||||
| CVE-2021-32287 | 1 Nokia | 1 Heif | 2024-11-21 | 7.8 High |
| An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function HevcDecoderConfigurationRecord::getPicWidth() located in hevcdecoderconfigrecord.cpp. It allows an attacker to cause code Execution. | ||||
| CVE-2021-32286 | 1 Hcxtools Project | 1 Hcxtoold | 2024-11-21 | 7.8 High |
| An issue was discovered in hcxtools through 6.1.6. A global-buffer-overflow exists in the function pcapngoptionwalk located in hcxpcapngtool.c. It allows an attacker to cause code Execution. | ||||
| CVE-2021-32281 | 1 Creolabs | 1 Gravity | 2024-11-21 | 7.8 High |
| An issue was discovered in gravity through 0.8.1. A heap-buffer-overflow exists in the function gnode_function_add_upvalue located in gravity_ast.c. It allows an attacker to cause code Execution. | ||||