Total
7966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23861 | 1 Gnu | 1 Libredwg | 2021-05-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file. | |||||
| CVE-2020-21813 | 1 Gnu | 1 Libredwg | 2021-05-24 | 6.8 MEDIUM | 7.8 HIGH |
| A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114. | |||||
| CVE-2020-21831 | 1 Gnu | 1 Libredwg | 2021-05-24 | 6.8 MEDIUM | 8.8 HIGH |
| A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637. | |||||
| CVE-2020-21814 | 1 Gnu | 1 Libredwg | 2021-05-21 | 6.8 MEDIUM | 8.8 HIGH |
| A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97. | |||||
| CVE-2020-21816 | 1 Gnu | 1 Libredwg | 2021-05-21 | 6.8 MEDIUM | 8.8 HIGH |
| A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:46. | |||||
| CVE-2020-21818 | 1 Gnu | 1 Libredwg | 2021-05-21 | 6.8 MEDIUM | 8.8 HIGH |
| A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:48. | |||||
| CVE-2020-21819 | 1 Gnu | 1 Libredwg | 2021-05-21 | 6.8 MEDIUM | 8.8 HIGH |
| A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641via htmlescape ../../programs/escape.c:51. | |||||
| CVE-2020-21830 | 1 Gnu | 1 Libredwg | 2021-05-21 | 6.8 MEDIUM | 8.8 HIGH |
| A heap based buffer overflow vulneraibility exists in GNU LibreDWG 0.10 via bit_calc_CRC ../../src/bits.c:2213. | |||||
| CVE-2020-21832 | 1 Gnu | 1 Libredwg | 2021-05-21 | 6.8 MEDIUM | 8.8 HIGH |
| A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2417. | |||||
| CVE-2020-21833 | 1 Gnu | 1 Libredwg | 2021-05-21 | 6.8 MEDIUM | 8.8 HIGH |
| A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_classes ../../src/decode.c:2440. | |||||
| CVE-2020-21834 | 1 Gnu | 1 Libredwg | 2021-05-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A null pointer deference issue exists in GNU LibreDWG 0.10 via get_bmp ../../programs/dwgbmp.c:164. | |||||
| CVE-2020-21836 | 1 Gnu | 1 Libredwg | 2021-05-21 | 6.8 MEDIUM | 8.8 HIGH |
| A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175. | |||||
| CVE-2020-21838 | 1 Gnu | 1 Libredwg | 2021-05-21 | 6.8 MEDIUM | 8.8 HIGH |
| A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_appinfo ../../src/decode.c:2842. | |||||
| CVE-2020-21840 | 1 Gnu | 1 Libredwg | 2021-05-21 | 6.8 MEDIUM | 8.8 HIGH |
| A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985. | |||||
| CVE-2020-21841 | 1 Gnu | 1 Libredwg | 2021-05-21 | 6.8 MEDIUM | 8.8 HIGH |
| A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_B ../../src/bits.c:135. | |||||
| CVE-2020-21842 | 1 Gnu | 1 Libredwg | 2021-05-21 | 6.8 MEDIUM | 8.8 HIGH |
| A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051. | |||||
| CVE-2020-21843 | 1 Gnu | 1 Libredwg | 2021-05-21 | 6.8 MEDIUM | 8.8 HIGH |
| A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318. | |||||
| CVE-2021-27413 | 1 Omron | 2 Cx-one, Cx-server | 2021-05-21 | 6.8 MEDIUM | 7.8 HIGH |
| Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0.29.0 and prior, are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2021-29609 | 1 Google | 1 Tensorflow | 2021-05-20 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined behavior (dereferencing null pointers) as well as write outside of bounds of heap allocated data. The implementation(https://github.com/tensorflow/tensorflow/blob/656e7673b14acd7835dc778867f84916c6d1cac2/tensorflow/core/kernels/sparse_add_op.cc) has a large set of validation for the two sparse tensor inputs (6 tensors in total), but does not validate that the tensors are not empty or that the second dimension of `*_indices` matches the size of corresponding `*_shape`. This allows attackers to send tensor triples that represent invalid sparse tensors to abuse code assumptions that are not protected by validation. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2021-29578 | 1 Google | 1 Tensorflow | 2021-05-20 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.FractionalAvgPoolGrad` is vulnerable to a heap buffer overflow. The implementation(https://github.com/tensorflow/tensorflow/blob/dcba796a28364d6d7f003f6fe733d82726dda713/tensorflow/core/kernels/fractional_avg_pool_op.cc#L216) fails to validate that the pooling sequence arguments have enough elements as required by the `out_backprop` tensor shape. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||