Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-682
Total 81 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-17264 1 Liblnk Project 1 Liblnk 2021-07-21 2.1 LOW 3.3 LOW
** DISPUTED ** In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue.
CVE-2020-28030 3 Debian, Fedoraproject, Wireshark 3 Debian Linux, Fedora, Wireshark 2021-07-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement.
CVE-2020-0221 1 Google 1 Android 2021-07-21 7.5 HIGH 9.8 CRITICAL
Airbrush FW's scratch memory allocator is susceptible to numeric overflow. When the overflow occurs, the next allocation could potentially return a pointer within the previous allocation's memory, which could lead to improper memory access.Product: AndroidVersions: Android kernelAndroid ID: A-135772851
CVE-2019-2232 1 Google 1 Android 2021-07-21 7.8 HIGH 7.5 HIGH
In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140632678
CVE-2016-7433 1 Ntp 1 Ntp 2021-07-16 5.0 MEDIUM 5.3 MEDIUM
NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."
CVE-2021-29945 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2021-06-30 4.3 MEDIUM 6.5 MEDIUM
The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.*. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
CVE-2020-28393 1 Siemens 22 Scalance Xm-400, Scalance Xm-400 Firmware, Scalance Xm408-4c and 19 more 2021-05-21 7.1 HIGH 7.5 HIGH
An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device on the SCALANCE XM-400, XR-500 (All versions prior to v6.4).
CVE-2021-3004 1 Stableyieldcredit Project 1 Stableyieldcredit 2021-01-07 5.0 MEDIUM 7.5 HIGH
The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should.
CVE-2020-26265 1 Ethereum 1 Go Ethereum 2020-12-14 3.5 LOW 5.3 MEDIUM
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included in the Paragade release version 1.9.20. No individual workaround patches have been made -- all users are recommended to upgrade to a newer version.
CVE-2020-26241 1 Ethereum 1 Go Ethereum 2020-12-03 5.5 MEDIUM 7.1 HIGH
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy (at 0x00...04) contract did a shallow copy on invocation. An attacker could deploy a contract that writes X to an EVM memory region R, then calls 0x00..04 with R as an argument, then overwrites R to Y, and finally invokes the RETURNDATACOPY opcode. When this contract is invoked, a consensus-compliant node would push X on the EVM stack, whereas Geth would push Y. This is fixed in version 1.9.17.
CVE-2020-26240 1 Ethereum 1 Go Ethereum 2020-12-03 5.0 MEDIUM 7.5 HIGH
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24
CVE-2019-1918 1 Cisco 2 Carrier Routing System, Ios Xr 2020-10-16 6.1 MEDIUM 7.4 HIGH
A vulnerability in the implementation of Intermediate System&ndash;to&ndash;Intermediate System (IS&ndash;IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of IS&ndash;IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending specific link-state PDUs to an affected system to be processed. A successful exploit could allow the attacker to cause incorrect calculations used in the weighted remote shared risk link groups (SRLG) or in the IGP Flexible Algorithm. It could also cause tracebacks to the logs or potentially cause the receiving device to crash the IS&ndash;IS process, resulting in a DoS condition.
CVE-2018-18225 3 Debian, Opensuse, Wireshark 3 Debian Linux, Leap, Wireshark 2020-10-15 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed.
CVE-2019-16347 1 Ngiflib Project 1 Ngiflib 2020-08-24 6.8 MEDIUM 8.8 HIGH
ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.
CVE-2019-16346 1 Ngiflib Project 1 Ngiflib 2020-08-24 6.8 MEDIUM 8.8 HIGH
ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.
CVE-2018-16781 1 Ffjpeg Project 1 Ffjpeg 2020-08-24 4.3 MEDIUM 6.5 MEDIUM
ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressive JPEG file that lacks an AC Huffman table.
CVE-2019-5853 1 Google 1 Chrome 2020-08-24 6.8 MEDIUM 8.8 HIGH
Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-19578 2 Fedoraproject, Xen 2 Fedora, Xen 2020-08-24 7.2 HIGH 8.8 HIGH
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. "Linear pagetables" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the "depth" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some "linear_pt_entry" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable.
CVE-2018-20999 1 Orion Project 1 Orion 2020-08-24 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the orion crate before 0.11.2 for Rust. reset() calls cause incorrect results.
CVE-2019-17514 1 Python 1 Python 2020-07-27 5.0 MEDIUM 7.5 HIGH
library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.