Total
2629 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41197 | 1 Google | 1 Tensorflow | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an overflow occurs, `MultiplyWithoutOverflow` would return a negative result. In the majority of TensorFlow codebase this then results in a `CHECK`-failure. Newer constructs exist which return a `Status` instead of crashing the binary. This is similar to CVE-2021-29584. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2021-41195 | 1 Google | 1 Tensorflow | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. In affected versions the implementation of `tf.math.segment_*` operations results in a `CHECK`-fail related abort (and denial of service) if a segment id in `segment_ids` is large. This is similar to CVE-2021-29584 (and similar other reported vulnerabilities in TensorFlow, localized to specific APIs): the implementation (both on CPU and GPU) computes the output shape using `AddDim`. However, if the number of elements in the tensor overflows an `int64_t` value, `AddDim` results in a `CHECK` failure which provokes a `std::abort`. Instead, code should use `AddDimWithStatus`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2021-41099 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Management Services For Element Software And Netapp Hci and 2 more | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. | |||||
| CVE-2021-40417 | 1 Blackmagicdesign | 1 Davinci Resolve | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an integer overflow with regards to this calculation, this can result in an undersized heap buffer being allocated. When this heap buffer is written to, a heap-based buffer overflow will occur. This can result in code execution under the context of the application. | |||||
| CVE-2021-40346 | 3 Debian, Fedoraproject, Haproxy | 3 Debian Linux, Fedora, Haproxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. | |||||
| CVE-2021-3933 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths. | |||||
| CVE-2021-3782 | 1 Wayland | 1 Wayland | 2024-11-21 | N/A | 6.6 MEDIUM |
| An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time. | |||||
| CVE-2021-3624 | 2 Dcraw Project, Debian | 2 Dcraw, Debian Linux | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. | |||||
| CVE-2021-3607 | 3 Debian, Fedoraproject, Qemu | 3 Debian Linux, Fedora, Qemu | 2024-11-21 | 4.9 MEDIUM | 6.0 MEDIUM |
| An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-3520 | 4 Lz4 Project, Netapp, Oracle and 1 more | 7 Lz4, Active Iq Unified Manager, Cloud Backup and 4 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well. | |||||
| CVE-2021-3477 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability. | |||||
| CVE-2021-3476 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability. | |||||
| CVE-2021-3475 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability. | |||||
| CVE-2021-3474 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability. | |||||
| CVE-2021-3428 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat. | |||||
| CVE-2021-3420 | 2 Fedoraproject, Newlib Project | 2 Fedora, Newlib | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow. | |||||
| CVE-2021-3410 | 3 Debian, Fedoraproject, Libcaca Project | 3 Debian Linux, Fedora, Libcaca | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context. | |||||
| CVE-2021-3402 | 2 Fedoraproject, Virustotal | 2 Fedora, Yara | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4 | |||||
| CVE-2021-3398 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
| Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. | |||||
| CVE-2021-39993 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| There is an Integer overflow vulnerability with ACPU in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. | |||||