Total
7966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3057 | 1 Paloaltonetworks | 1 Globalprotect | 2021-10-20 | 9.3 HIGH | 8.1 HIGH |
| A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.9 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on the Universal Windows Platform; GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.1 on Linux. | |||||
| CVE-2020-21533 | 2 Debian, Xfig Project | 2 Debian Linux, Fig2dev | 2021-10-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c. | |||||
| CVE-2020-3198 | 1 Cisco | 5 1120, 1240, 809 and 2 more | 2021-10-19 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3545 | 1 Cisco | 10 Firepower 4110, Firepower 4112, Firepower 4115 and 7 more | 2021-10-19 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this vulnerability by supplying a crafted file that, when it is processed, may cause a stack-based buffer overflow. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges. An attacker would need to have valid administrative credentials to exploit this vulnerability. | |||||
| CVE-2020-3269 | 1 Cisco | 8 Rv110w, Rv110w Firmware, Rv130 and 5 more | 2021-10-19 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3603 | 1 Cisco | 2 Webex Meetings, Webex Meetings Server | 2021-10-19 | 9.3 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | |||||
| CVE-2020-3604 | 1 Cisco | 1 Webex Meetings | 2021-10-19 | 9.3 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | |||||
| CVE-2021-37199 | 1 Siemens | 4 Sinumerik 808d, Sinumerik 808d Firmware, Sinumerik 828d and 1 more | 2021-10-19 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions < V4.95). Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device. | |||||
| CVE-2021-3330 | 1 Zephyrproject | 1 Zephyr | 2021-10-18 | 5.8 MEDIUM | 8.8 HIGH |
| RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= >=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fj4r-373f-9456 | |||||
| CVE-2020-22678 | 1 Gpac | 1 Gpac | 2021-10-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulation_bytes function in av_parsers.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input. | |||||
| CVE-2020-22677 | 1 Gpac | 1 Gpac | 2021-10-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in gpac 0.8.0. The dump_data_hex function in box_dump.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input. | |||||
| CVE-2020-22675 | 1 Gpac | 1 Gpac | 2021-10-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in gpac 0.8.0. The GetGhostNum function in stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input. | |||||
| CVE-2020-27006 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-10-18 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PCT files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12182) | |||||
| CVE-2020-27000 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-10-18 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing BMP files. This can result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12018) | |||||
| CVE-2020-5138 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
| CVE-2020-10061 | 1 Zephyrproject | 1 Zephyr | 2021-10-18 | 5.8 MEDIUM | 8.8 HIGH |
| Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. | |||||
| CVE-2021-31986 | 1 Axis | 4 Axis Os, Axis Os 2016, Axis Os 2018 and 1 more | 2021-10-13 | 4.0 MEDIUM | 6.8 MEDIUM |
| User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage. | |||||
| CVE-2021-3625 | 1 Zephyrproject | 1 Zephyr | 2021-10-13 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363 | |||||
| CVE-2021-25469 | 2 Google, Samsung | 2 Android, Exynos | 2021-10-13 | 4.6 MEDIUM | 6.7 MEDIUM |
| A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution. | |||||
| CVE-2021-25479 | 2 Google, Samsung | 2 Android, Exynos | 2021-10-13 | 6.5 MEDIUM | 7.2 HIGH |
| A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. | |||||