Export limit exceeded: 346993 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 21614 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21614 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-41205 | 1 Google | 1 Tensorflow | 2024-11-21 | 7.1 High |
| TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the `QuantizeAndDequantizeV*` operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | ||||
| CVE-2021-41099 | 6 Debian, Fedoraproject, Netapp and 3 more | 10 Debian Linux, Fedora, Management Services For Element Software And Netapp Hci and 7 more | 2024-11-21 | 7.5 High |
| Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. | ||||
| CVE-2021-41054 | 2 Atftp Project, Debian | 2 Atftp, Debian Linux | 2024-11-21 | 7.5 High |
| tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options. | ||||
| CVE-2021-41040 | 1 Eclipse | 1 Wakaama | 2024-11-21 | 7.5 High |
| In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoAP parsing code does not properly sanitize network-received data. | ||||
| CVE-2021-40985 | 2 Debian, Htmldoc Project | 2 Debian Linux, Htmldoc | 2024-11-21 | 5.5 Medium |
| A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp. | ||||
| CVE-2021-40848 | 1 Mahara | 1 Mahara | 2024-11-21 | 7.8 High |
| In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection. | ||||
| CVE-2021-40818 | 1 Glewlwyd Sso Server Project | 1 Glewlwyd Sso Server | 2024-11-21 | 9.8 Critical |
| scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer overflow during FIDO2 signature validation in webauthn registration. | ||||
| CVE-2021-40812 | 1 Libgd | 1 Libgd | 2024-11-21 | 6.5 Medium |
| The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks. | ||||
| CVE-2021-40723 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 5.5 Medium |
| Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2021-40606 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | ||||
| CVE-2021-40568 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | ||||
| CVE-2021-40516 | 2 Debian, Weechat | 2 Debian Linux, Weechat | 2024-11-21 | 7.5 High |
| WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that trigger an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin. | ||||
| CVE-2021-40284 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2024-11-21 | 6.5 Medium |
| D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. This vulnerability exists in the web interface "/cgi-bin/New_GUI/Igmp.asp". Authenticated remote attackers can trigger this vulnerability by sending a long string in parameter 'igmpsnoopEnable' via an HTTP request. | ||||
| CVE-2021-40239 | 1 Miniftpd Project | 1 Miniftpd | 2024-11-21 | 9.8 Critical |
| A Buffer Overflow vulnerability exists in the latest version of Miniftpd in the do_retr function in ftpproto.c | ||||
| CVE-2021-40167 | 1 Autodesk | 1 Design Review | 2024-11-21 | 7.8 High |
| A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | ||||
| CVE-2021-40162 | 1 Autodesk | 19 Autocad, Autocad Advance Steel, Autocad Architecture and 16 more | 2024-11-21 | 7.8 High |
| A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code. | ||||
| CVE-2021-40160 | 1 Autodesk | 13 Advance Steel, Autocad, Autocad Architecture and 10 more | 2024-11-21 | 7.8 High |
| PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code. | ||||
| CVE-2021-40158 | 1 Autodesk | 11 Advance Steel, Autocad, Autocad Architecture and 8 more | 2024-11-21 | 7.8 High |
| A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | ||||
| CVE-2021-40155 | 1 Autodesk | 1 Navisworks | 2024-11-21 | 7.8 High |
| A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code. | ||||
| CVE-2021-40154 | 1 Nxp | 6 Lpc55s69jbd100, Lpc55s69jbd100 Firmware, Lpc55s69jbd64 and 3 more | 2024-11-21 | 6.1 Medium |
| NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory. | ||||