Total
11483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22709 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-03-17 | 9.3 HIGH | 7.8 HIGH |
| A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in loss of data or remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2021-22712 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-03-17 | 9.3 HIGH | 7.8 HIGH |
| A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF (Configuration Group File) file is imported to IGSS Definition due to an unchecked pointer address. | |||||
| CVE-2017-11882 | 1 Microsoft | 1 Office | 2021-03-16 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884. | |||||
| CVE-2018-13381 | 1 Fortinet | 2 Fortios, Fortiproxy | 2021-03-15 | 5.0 MEDIUM | 7.5 HIGH |
| A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message payloads. | |||||
| CVE-2021-21118 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2021-03-15 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2021-28036 | 1 Quinn Project | 1 Quinn | 2021-03-05 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures. | |||||
| CVE-2018-6381 | 2 Canonical, Zziplib Project | 2 Ubuntu Linux, Zziplib | 2021-03-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data. | |||||
| CVE-2016-10093 | 1 Libtiff | 1 Libtiff | 2021-03-05 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow. | |||||
| CVE-2016-10092 | 1 Libtiff | 1 Libtiff | 2021-03-05 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image. | |||||
| CVE-2021-1713 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2021-03-04 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1714. | |||||
| CVE-2020-25690 | 1 Fontforge | 1 Fontforge | 2021-03-01 | 6.8 MEDIUM | 8.8 HIGH |
| An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2021-21140 | 2 Google, Microsoft | 2 Chrome, Edge | 2021-02-25 | 4.6 MEDIUM | 6.8 MEDIUM |
| Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device. | |||||
| CVE-2021-27376 | 1 Nb-connect Project | 1 Nb-connect | 2021-02-25 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the nb-connect crate before 1.0.3 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures. | |||||
| CVE-2017-9937 | 1 Libtiff | 1 Libtiff | 2021-02-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack. | |||||
| CVE-2016-2148 | 3 Busybox, Canonical, Debian | 3 Busybox, Ubuntu Linux, Debian Linux | 2021-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. | |||||
| CVE-2021-21449 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-02-19 | 6.8 MEDIUM | 8.8 HIGH |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2021-21451 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-02-19 | 6.8 MEDIUM | 8.8 HIGH |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SGI file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2021-21450 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-02-19 | 6.8 MEDIUM | 8.8 HIGH |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2021-21453 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-02-19 | 6.8 MEDIUM | 8.8 HIGH |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2021-21452 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-02-19 | 6.8 MEDIUM | 8.8 HIGH |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||