Total
7966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9748 | 2 Adobe, Microsoft | 2 Animate, Windows | 2021-09-14 | 9.3 HIGH | 7.8 HIGH |
| Adobe Animate version 20.5 (and earlier) is affected by a stack overflow vulnerability, which could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate. | |||||
| CVE-2020-24413 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2021-09-14 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | |||||
| CVE-2020-9731 | 2 Adobe, Apple | 2 Indesign, Macos | 2021-09-14 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user. | |||||
| CVE-2020-24412 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2021-09-14 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | |||||
| CVE-2020-24415 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2021-09-14 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | |||||
| CVE-2020-24414 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2021-09-14 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | |||||
| CVE-2021-36179 | 1 Fortinet | 1 Fortiweb | 2021-09-14 | 6.5 MEDIUM | 8.8 HIGH |
| A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute unauthorized code or commands via crafted parameters in CLI command execution | |||||
| CVE-2020-9730 | 2 Adobe, Apple | 2 Indesign, Macos | 2021-09-14 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user. | |||||
| CVE-2020-9729 | 2 Adobe, Apple | 2 Indesign, Macos | 2021-09-14 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user. | |||||
| CVE-2020-9728 | 2 Adobe, Apple | 2 Indesign, Macos | 2021-09-14 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user. | |||||
| CVE-2021-3491 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2021-09-14 | 7.2 HIGH | 8.8 HIGH |
| The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b ("io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c ("io_uring: add IORING_OP_PROVIDE_BUFFERS") (v5.7-rc1). | |||||
| CVE-2021-3490 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2021-09-14 | 7.2 HIGH | 7.8 HIGH |
| The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1). | |||||
| CVE-2021-3489 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2021-09-14 | 7.2 HIGH | 7.8 HIGH |
| The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1). | |||||
| CVE-2019-5619 | 1 Aasync | 1 Aasync | 2021-09-14 | 7.5 HIGH | 9.8 CRITICAL |
| AASync.com AASync version 2.2.1.0 suffers from an instance of CWE-121: Stack-based Buffer Overflow. | |||||
| CVE-2019-5618 | 2 A-pdf, Microsoft | 2 Wav To Mp3, Windows | 2021-09-14 | 6.8 MEDIUM | 7.8 HIGH |
| A-PDF WAV to MP3 version 1.0.0 suffers from an instance of CWE-121: Stack-based Buffer Overflow. | |||||
| CVE-2019-5621 | 1 Abbs Software Audio Media Player Project | 1 Abbs Software Audio Media Player | 2021-09-14 | 6.8 MEDIUM | 7.8 HIGH |
| ABBS Software Audio Media Player version 3.1 suffers from an instance of CWE-121: Stack-based Buffer Overflow. | |||||
| CVE-2019-20326 | 3 Debian, Gnome, Linuxmint | 3 Debian Linux, Gthumb, Pix | 2021-09-14 | 6.8 MEDIUM | 7.8 HIGH |
| A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file. | |||||
| CVE-2019-9136 | 1 Datools | 1 Daviewindy | 2021-09-14 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed JPEG2000 format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2019-9135 | 1 Datools | 1 Daviewindy | 2021-09-14 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed DIB format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2019-10882 | 1 Netskope | 1 Netskope | 2021-09-14 | 7.2 HIGH | 7.8 HIGH |
| The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack based buffer overflow in "doHandshakefromServer" function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system. | |||||