Total
7966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1504 | 1 Cisco | 2 Adaptive Security Appliance, Firepower Threat Defense | 2021-05-05 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. | |||||
| CVE-2021-1445 | 1 Cisco | 2 Adaptive Security Appliance, Firepower Threat Defense | 2021-05-05 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. | |||||
| CVE-2020-25693 | 2 Cimg, Fedoraproject | 2 Cimg, Fedora | 2021-05-05 | 5.8 MEDIUM | 8.1 HIGH |
| A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity. | |||||
| CVE-2021-31433 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2021-05-04 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ARW files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12333. | |||||
| CVE-2021-31434 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2021-05-04 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12377. | |||||
| CVE-2021-31437 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2021-05-04 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12384. | |||||
| CVE-2021-31436 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2021-05-04 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of SGI files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12376. | |||||
| CVE-2021-31438 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2021-05-04 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12443. | |||||
| CVE-2021-1805 | 1 Apple | 2 Mac Os X, Macos | 2021-05-04 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-0430 | 1 Google | 1 Android | 2021-05-04 | 10.0 HIGH | 9.8 CRITICAL |
| In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-178725766 | |||||
| CVE-2020-27897 | 1 Apple | 2 Mac Os X, Macos | 2021-05-04 | 7.2 HIGH | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-20515 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Informix Dynamic Server and 3 more | 2021-04-30 | 4.6 MEDIUM | 6.7 MEDIUM |
| IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366. | |||||
| CVE-2021-22664 | 1 Criticalmanufacturing | 1 Cncsoft-b | 2021-04-30 | 6.8 MEDIUM | 7.8 HIGH |
| CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2021-25670 | 1 Siemens | 1 Tecnomatix Robotexpert | 2021-04-30 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix RobotExpert (All versions < V16.1). Affected applications lack proper validation of user-supplied data when parsing CELL files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12608) | |||||
| CVE-2019-0161 | 1 Tianocore | 1 Edk Ii | 2021-04-29 | 2.1 LOW | 5.5 MEDIUM |
| Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access. | |||||
| CVE-2020-27752 | 1 Imagemagick | 1 Imagemagick | 2021-04-28 | 5.8 MEDIUM | 7.1 HIGH |
| A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0. | |||||
| CVE-2017-12876 | 1 Imagemagick | 1 Imagemagick | 2021-04-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. | |||||
| CVE-2021-20546 | 1 Ibm | 2 Spectrum Protect Client, Spectrum Protect For Space Management | 2021-04-28 | 2.1 LOW | 5.5 MEDIUM |
| IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934 | |||||
| CVE-2018-14807 | 1 Opto22 | 1 Pac Control | 2021-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution. | |||||
| CVE-2020-23907 | 1 Avast | 1 Retdec | 2021-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in retdec v3.3. In function canSplitFunctionOn() of ir_modifications.cpp, there is a possible out of bounds read due to a heap buffer overflow. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. | |||||