Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-119
Total 11507 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7547 10 Canonical, Debian, F5 and 7 more 30 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 27 more 2022-01-25 6.8 MEDIUM 8.1 HIGH
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
CVE-2021-1111 1 Nvidia 5 Jetson Agx Xavier, Jetson Linux, Jetson Tx2 and 2 more 2022-01-25 3.6 LOW 3.5 LOW
Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited information disclosure, limited data integrity, and denial of service across all components.
CVE-2021-45293 1 Webassembly 1 Binaryen 2022-01-24 4.3 MEDIUM 5.5 MEDIUM
A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet.
CVE-2021-45767 1 Gpac 1 Gpac 2022-01-21 4.3 MEDIUM 5.5 MEDIUM
GPAC 1.1.0 was discovered to contain an invalid memory address dereference via the function lsr_read_id(). This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-45764 1 Gpac 1 Gpac 2022-01-21 4.3 MEDIUM 5.5 MEDIUM
GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function shift_chunk_offsets.isra().
CVE-2021-41771 2 Fedoraproject, Golang 2 Fedora, Go 2022-01-21 5.0 MEDIUM 7.5 HIGH
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
CVE-2021-44712 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2022-01-21 4.3 MEDIUM 5.5 MEDIUM
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-45067 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2022-01-21 4.3 MEDIUM 5.5 MEDIUM
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2019-10655 1 Grandstream 10 Gac2500, Gac2500 Firmware, Gvc3202 and 7 more 2022-01-20 7.5 HIGH 9.8 CRITICAL
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd.
CVE-2021-45762 1 Gpac 1 Gpac 2022-01-20 4.3 MEDIUM 5.5 MEDIUM
GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_sg_vrml_mf_reset(). This vulnerability allows attackers to cause a Denial of Service (DoS).
CVE-2021-46020 1 Mruby 1 Mruby 2022-01-20 5.0 MEDIUM 7.5 HIGH
An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can lead to a segmentation fault or application crash.
CVE-2021-45760 1 Gpac 1 Gpac 2022-01-20 4.3 MEDIUM 5.5 MEDIUM
GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_list_last(). This vulnerability allows attackers to cause a Denial of Service (DoS).
CVE-2021-0004 1 Intel 2 Ethernet Controller E810, Ethernet Controller E810 Firmware 2022-01-20 2.1 LOW 4.4 MEDIUM
Improper buffer restrictions in the firmware of Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service via local access.
CVE-2021-1106 1 Nvidia 8 Jetson Agx Xavier, Jetson Linux, Jetson Nano and 5 more 2022-01-19 4.6 MEDIUM 7.8 HIGH
NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data tampering of all processes on the system.
CVE-2021-1094 1 Nvidia 1 Gpu Display Driver 2022-01-18 3.6 LOW 6.1 MEDIUM
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service or information disclosure.
CVE-2021-34934 1 Bentley 2 Bentley View, Microstation 2022-01-14 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14912.
CVE-2021-34874 1 Bentley 2 Bentley View, Microstation 2022-01-14 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14736.
CVE-2021-4010 3 Debian, Fedoraproject, X.org 3 Debian Linux, Fedora, X Server 2022-01-13 4.6 MEDIUM 7.8 HIGH
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-4009 3 Debian, Fedoraproject, X.org 3 Debian Linux, Fedora, X Server 2022-01-13 4.6 MEDIUM 7.8 HIGH
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-4011 3 Debian, Fedoraproject, X.org 3 Debian Linux, Fedora, X Server 2022-01-13 4.6 MEDIUM 7.8 HIGH
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.