Total
13454 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-43534 | 3 Debian, Mozilla, Redhat | 6 Debian Linux, Firefox, Firefox Esr and 3 more | 2024-11-21 | 8.8 High |
| Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | ||||
| CVE-2021-43527 | 5 Mozilla, Netapp, Oracle and 2 more | 17 Nss, Nss Esr, Cloud Backup and 14 more | 2024-11-21 | 9.8 Critical |
| NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1. | ||||
| CVE-2021-43521 | 1 Zlog Project | 1 Zlog | 2024-11-21 | 7.5 High |
| A Buffer Overflow vulnerability exists in zlog 1.2.15 via zlog_conf_build_with_file in src/zlog/src/conf.c. | ||||
| CVE-2021-43519 | 3 Fedoraproject, Lua, Redhat | 4 Fedora, Lua, Enterprise Linux and 1 more | 2024-11-21 | 5.5 Medium |
| Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file. | ||||
| CVE-2021-43399 | 1 Yubico | 1 Yubihsm 2 Software Development Kit | 2024-11-21 | 7.5 High |
| The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device. | ||||
| CVE-2021-43390 | 1 Opendesign | 1 Drawings Software Development Kit | 2024-11-21 | 7.8 High |
| An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2021-43336 | 2 Opendesign, Siemens | 4 Drawings Software Development Kit, Jt2go, Solid Edge and 1 more | 2024-11-21 | 7.8 High |
| An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2021-43280 | 1 Opendesign | 1 Drawings Software Development Kit | 2024-11-21 | 7.8 High |
| A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2021-43279 | 1 Opendesign | 1 Oda Prc Software Development Kit | 2024-11-21 | 7.8 High |
| An out-of-bounds write vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. | ||||
| CVE-2021-43247 | 1 Microsoft | 14 Windows 10, Windows 10 1809, Windows 10 1909 and 11 more | 2024-11-21 | 7.8 High |
| Windows TCP/IP Driver Elevation of Privilege Vulnerability | ||||
| CVE-2021-43215 | 1 Microsoft | 22 Windows 10, Windows 10 1507, Windows 10 1607 and 19 more | 2024-11-21 | 9.8 Critical |
| iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution | ||||
| CVE-2021-43174 | 2 Debian, Nlnetlabs | 2 Debian Linux, Routinator | 2024-11-21 | 7.5 High |
| NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of white space in the encoded data. The gzip scheme compresses such white space extremely well, leading to very small compressed files that become huge when being decompressed for further processing, big enough that Routinator runs out of memory when parsing input data waiting for the next XML element. | ||||
| CVE-2021-43086 | 1 Arm | 1 Adaptive Scalable Texture Compression Encoder | 2024-11-21 | 9.8 Critical |
| ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compression function of the astc-encoder project with -cl option was used, a stack-buffer-overflow occurred in function encode_ise() in function compress_symbolic_block_for_partition_2planes() in "/Source/astcenc_compress_symbolic.cpp". | ||||
| CVE-2021-43071 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8.8 High |
| A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller. | ||||
| CVE-2021-43018 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-11-21 | 7.8 High |
| Adobe Photoshop versions 23.0.2 and 22.5.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious JPG file. | ||||
| CVE-2021-42756 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 9.3 Critical |
| Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests. | ||||
| CVE-2021-42739 | 6 Debian, Fedoraproject, Linux and 3 more | 10 Debian Linux, Fedora, Linux Kernel and 7 more | 2024-11-21 | 6.7 Medium |
| The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. | ||||
| CVE-2021-42727 | 2 Adobe, Microsoft | 2 Robohelp Server, Windows | 2024-11-21 | 7.8 High |
| Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge. | ||||
| CVE-2021-42707 | 1 We-con | 1 Plc Editor | 2024-11-21 | 7.8 High |
| PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. | ||||
| CVE-2021-42692 | 1 Tinytoml Project | 1 Tinytoml | 2024-11-21 | 6.5 Medium |
| There is a stack-overflow vulnerability in tinytoml v0.4 that can cause a crash or DoS. | ||||