Total
69 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-4206 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2022-09-23 | 4.6 MEDIUM | 8.2 HIGH |
| A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | |||||
| CVE-2021-35134 | 1 Qualcomm | 60 Qca6391, Qca6391 Firmware, Qcm6490 and 57 more | 2022-09-08 | N/A | 8.4 HIGH |
| Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-4155 | 1 Linux | 1 Linux Kernel | 2022-08-29 | N/A | 5.5 MEDIUM |
| A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. | |||||
| CVE-2021-21782 | 1 Accusoft | 1 Imagegear | 2022-07-29 | 6.8 MEDIUM | 8.8 HIGH |
| An out-of-bounds write vulnerability exists in the SGI format buffer size processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21776 | 1 Accusoft | 1 Imagegear | 2022-07-29 | 6.8 MEDIUM | 8.8 HIGH |
| An out-of-bounds write vulnerability exists in the SGI Format Buffer Size Processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21773 | 1 Accusoft | 1 Imagegear | 2022-07-29 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write vulnerability exists in the TIFF header count-processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2020-13585 | 1 Accusoft | 1 Imagegear | 2022-07-29 | 6.8 MEDIUM | 8.8 HIGH |
| An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-1647 | 1 Microsoft | 11 Security Essentials, System Center Endpoint Protection, Windows 10 and 8 more | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| Microsoft Defender Remote Code Execution Vulnerability | |||||
| CVE-2021-28039 | 3 Linux, Netapp, Xen | 4 Linux Kernel, Cloud Backup, Solidfire Baseboard Management Controller Firmware and 1 more | 2022-07-12 | 2.1 LOW | 6.5 MEDIUM |
| An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG. | |||||
| CVE-2021-27378 | 1 Rand Core Project | 1 Rand Core | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data. | |||||
| CVE-2020-13546 | 1 Softmaker | 1 Office Textmaker 2021 | 2022-06-07 | 6.8 MEDIUM | 7.8 HIGH |
| In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability. | |||||
| CVE-2018-4038 | 1 Atlantiswordprocessor | 1 Atlantis Word Processor | 2022-06-07 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This constructor will miscalculate a length and then use it to calculate the position to write a null byte. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability. | |||||
| CVE-2020-6070 | 2 F2fs-tools Project, Fedoraproject | 2 F2fs-tools, Fedora | 2022-06-07 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-38435 | 1 Rti | 2 Connext Dds Professional, Connext Dds Secure | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 not correctly calculate the size when allocating the buffer, which may result in a buffer overflow. | |||||
| CVE-2021-38423 | 1 Gurum | 1 Gurumdds | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of GurumDDS improperly calculate the size to be used when allocating the buffer, which may result in a buffer overflow. | |||||
| CVE-2020-6116 | 1 Gonitro | 1 Nitro Pro | 2022-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its colors. When using this allocated buffer, the application can write outside its bounds and cause memory corruption which can lead to code execution. A specially crafted document must be loaded by a victim in order to trigger this vulnerability. | |||||
| CVE-2020-6106 | 1 F2fs-tools Project | 1 F2fs-tools | 2022-05-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2020-6108 | 1 F2fs-tools Project | 1 F2fs-tools | 2022-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2020-6113 | 1 Gonitro | 1 Nitro Pro | 2022-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for the list of indirect objects. Due to an error when calculating this size, an integer overflow may occur which can result in an undersized buffer being allocated. Later when initializing this buffer, the application can write outside its bounds which can cause a memory corruption that can lead to code execution. A specially crafted document can be delivered to a victim in order to trigger this vulnerability. | |||||
| CVE-2022-22137 | 1 Accusoft | 1 Imagegear | 2022-05-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A memory corruption vulnerability exists in the ioca_mys_rgb_allocate functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to an arbitrary free. An attacker can provide a malicious file to trigger this vulnerability. | |||||