Export limit exceeded: 15278 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (15278 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-32537 | 1 Realtek | 1 Hda Driver | 2024-11-21 | 6.5 Medium |
| Realtek HAD contains a driver crashed vulnerability which allows local side attackers to send a special string to the kernel driver in a user’s mode. Due to unexpected commands, the kernel driver will cause the system crashed. | ||||
| CVE-2021-32493 | 2 Debian, Djvulibre Project | 2 Debian Linux, Djvulibre | 2024-11-21 | 7.8 High |
| A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences. | ||||
| CVE-2021-32492 | 2 Debian, Djvulibre Project | 2 Debian Linux, Djvulibre | 2024-11-21 | 7.8 High |
| A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences. | ||||
| CVE-2021-32490 | 2 Debian, Djvulibre Project | 2 Debian Linux, Djvulibre | 2024-11-21 | 7.8 High |
| A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences. | ||||
| CVE-2021-32072 | 1 Mitel | 1 Micollab | 2024-11-21 | 6.5 Medium |
| The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information (disclosing sensitive application data) due to insufficient output sanitization. A successful exploit could allow an attacker to view source code methods. | ||||
| CVE-2021-32067 | 1 Mitel | 1 Micollab | 2024-11-21 | 6.5 Medium |
| The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization. | ||||
| CVE-2021-32055 | 2 Mutt, Neomutt | 2 Mutt, Neomutt | 2024-11-21 | 9.1 Critical |
| Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default. | ||||
| CVE-2021-32027 | 2 Postgresql, Redhat | 7 Postgresql, Ansible Automation Platform, Enterprise Linux and 4 more | 2024-11-21 | 8.8 High |
| A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2021-32020 | 1 Amazon | 1 Freertos | 2024-11-21 | 9.8 Critical |
| The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory. | ||||
| CVE-2021-31977 | 1 Microsoft | 10 Windows 10, Windows 10 1507, Windows 10 1607 and 7 more | 2024-11-21 | 8.6 High |
| Windows Hyper-V Denial of Service Vulnerability | ||||
| CVE-2021-31806 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Cloud Manager and 2 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing. | ||||
| CVE-2021-31617 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 9.8 Critical |
| In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution. | ||||
| CVE-2021-31495 | 1 Opentext | 1 Brava\! Desktop | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13307. | ||||
| CVE-2021-31493 | 1 Opentext | 1 Brava\! Desktop | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13304. | ||||
| CVE-2021-31472 | 2 Foxitsoftware, Microsoft | 2 3d, Windows | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13011. | ||||
| CVE-2021-31261 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command. | ||||
| CVE-2021-30640 | 4 Apache, Debian, Oracle and 1 more | 10 Tomcat, Debian Linux, Communications Cloud Native Core Policy and 7 more | 2024-11-21 | 6.5 Medium |
| A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. | ||||
| CVE-2021-30589 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 4.3 Medium |
| Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link. | ||||
| CVE-2021-30530 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 8.8 High |
| Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | ||||
| CVE-2021-30472 | 1 Podofo Project | 1 Podofo | 2024-11-21 | 7.8 High |
| A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value. | ||||