Total
12418 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28233 | 1 Ok-file-formats Project | 1 Ok-file-formats | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 via the ok_jpg_generate_huffman_table function in ok_jpg.c. | |||||
| CVE-2021-28211 | 1 Tianocore | 1 Edk2 | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. | |||||
| CVE-2021-28136 | 1 Espressif | 2 Esp-idf, Esp32 | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet. | |||||
| CVE-2021-28026 | 1 Jpeg | 1 Jpeg-xl | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. When decoding a malicous jxl file using djxl, an attacker can trigger arbitrary code execution or a denial of service. | |||||
| CVE-2021-28021 | 3 Debian, Fedoraproject, Stb Project | 3 Debian Linux, Fedora, Stb | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. | |||||
| CVE-2021-27954 | 1 Ecobee | 2 Ecobee3 Lite, Ecobee3 Lite Firmware | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to force the device to connect to a SSID or cause a denial of service. | |||||
| CVE-2021-27804 | 1 Libjxl Project | 1 Libjxl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. | |||||
| CVE-2021-27799 | 1 Zint | 1 Barcode Generator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code. | |||||
| CVE-2021-27790 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account. | |||||
| CVE-2021-27634 | 1 Sap | 1 Netweaver Abap | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCpicDtCreate () causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | |||||
| CVE-2021-27633 | 1 Sap | 1 Netweaver Abap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCPIC() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | |||||
| CVE-2021-27628 | 1 Sap | 1 Netweaver As Abap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method DpRTmPrepareReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | |||||
| CVE-2021-27627 | 1 Sap | 1 Netweaver As Internet Graphics Server | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method ChartInterpreter::DoIt() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | |||||
| CVE-2021-27626 | 1 Sap | 1 Netweaver As Internet Graphics Server | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CMiniXMLParser::Parse() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | |||||
| CVE-2021-27625 | 1 Sap | 1 Netweaver As Internet Graphics Server | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method IgsData::freeMemory() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | |||||
| CVE-2021-27624 | 1 Sap | 1 Netweaver As Internet Graphics Server | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CiXMLIStreamRawBuffer::readRaw () which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | |||||
| CVE-2021-27623 | 1 Sap | 1 Netweaver As Internet Graphics Server | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CXmlUtility::CheckLength() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | |||||
| CVE-2021-27622 | 1 Sap | 1 Netweaver As Internet Graphics Server | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CDrawRaster::LoadImageFromMemory() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | |||||
| CVE-2021-27620 | 1 Sap | 1 Netweaver As Internet Graphics Server | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method Ups::AddPart() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | |||||
| CVE-2021-27488 | 3 Datakit, Luxion, Siemens | 6 Crosscadware, Keyshot, Solid Edge Se2020 and 3 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing CATPart files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||