Total
11483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15266 | 1 Google | 1 Tensorflow | 2021-11-18 | 5.0 MEDIUM | 7.5 HIGH |
| In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved. | |||||
| CVE-2016-5017 | 1 Apache | 1 Zookeeper | 2021-11-17 | 6.8 MEDIUM | 8.1 HIGH |
| Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string. | |||||
| CVE-2014-9295 | 1 Ntp | 1 Ntp | 2021-11-17 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function. | |||||
| CVE-2015-3456 | 3 Qemu, Redhat, Xen | 5 Qemu, Enterprise Linux, Enterprise Virtualization and 2 more | 2021-11-17 | 7.7 HIGH | N/A |
| The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. | |||||
| CVE-2021-1973 | 1 Qualcomm | 394 Apq8009, Apq8009 Firmware, Apq8009w and 391 more | 2021-11-16 | 7.2 HIGH | 7.8 HIGH |
| A FTM Diag command can allow an arbitrary write into modem OS space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2014-0088 | 1 F5 | 1 Nginx | 2021-11-10 | 7.5 HIGH | N/A |
| The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request. | |||||
| CVE-2009-3896 | 2 F5, Nginx | 2 Nginx, Nginx | 2021-11-10 | 5.0 MEDIUM | N/A |
| src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI. | |||||
| CVE-2021-22458 | 1 Huawei | 1 Harmonyos | 2021-11-02 | 4.6 MEDIUM | 7.8 HIGH |
| A component of the HarmonyOS has a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. Local attackers may exploit this vulnerability to cause arbitrary code execution. | |||||
| CVE-2021-22474 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 7.5 HIGH | 9.8 CRITICAL |
| There is an Out-of-bounds memory access in Huawei Smartphone.Successful exploitation of this vulnerability may cause process exceptions. | |||||
| CVE-2021-37002 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Memory out-of-bounds access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause malicious code to be executed. | |||||
| CVE-2019-10245 | 2 Eclipse, Redhat | 6 Openj9, Enterprise Linux, Enterprise Linux Desktop and 3 more | 2021-10-28 | 5.0 MEDIUM | 7.5 HIGH |
| In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load. | |||||
| CVE-2016-8377 | 1 Fatek | 2 Plc Winproladder, Plc Winproladder Firmware | 2021-10-28 | 6.0 MEDIUM | 8.0 HIGH |
| An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server, resulting in a stack buffer overflow. This causes an exploitable Structured Exception Handler (SEH) overwrite condition that may allow remote code execution. | |||||
| CVE-2017-6023 | 1 Fatek | 5 Ethernet Module Configuration Tool Cbe Firmware, Ethernet Module Configuration Tool Cbeh Firmware, Ethernet Module Configuration Tool Cm25e Firmware and 2 more | 2021-10-28 | 9.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device. | |||||
| CVE-2021-0652 | 1 Google | 1 Android | 2021-10-26 | 7.2 HIGH | 7.8 HIGH |
| In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185178568 | |||||
| CVE-2021-30316 | 1 Qualcomm | 154 Ar8031, Ar8031 Firmware, Csra6620 and 151 more | 2021-10-26 | 7.2 HIGH | 7.8 HIGH |
| Possible out of bound memory access due to improper boundary check while creating HSYNC fence in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2021-3889 | 1 Libmobi Project | 1 Libmobi | 2021-10-25 | 5.8 MEDIUM | 8.1 HIGH |
| libmobi is vulnerable to Use of Out-of-range Pointer Offset | |||||
| CVE-2021-3746 | 3 Fedoraproject, Libtpms Project, Redhat | 3 Fedora, Libtpms, Enterprise Linux | 2021-10-22 | 7.1 HIGH | 6.5 MEDIUM |
| A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6. | |||||
| CVE-2020-3310 | 1 Cisco | 1 Firepower Device Manager On-box | 2021-10-19 | 6.8 MEDIUM | 4.9 MEDIUM |
| A vulnerability in the XML parser code of Cisco Firepower Device Manager On-Box software could allow an authenticated, remote attacker to cause an affected system to become unstable or reload. The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could exploit this vulnerability in multiple ways using a malicious file: An attacker with administrative privileges could upload a malicious XML file on the system and cause the XML code to parse the malicious file. An attacker with Clientless Secure Sockets Layer (SSL) VPN access could exploit this vulnerability by sending a crafted XML file. A successful exploit would allow the attacker to crash the XML parser process, which could cause system instability, memory exhaustion, and in some cases lead to a reload of the affected system. | |||||
| CVE-2020-3257 | 1 Cisco | 16 1120 Connected Grid Router, 1240 Connected Grid Router, Ios and 13 more | 2021-10-19 | 4.8 MEDIUM | 8.1 HIGH |
| Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-14392 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2021-10-19 | 2.1 LOW | 5.5 MEDIUM |
| An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability. | |||||