Total
2630 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-41253 | 1 Zyantific | 1 Zydis | 2024-11-21 | 5.9 Medium |
| Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v3.2.0 and older that use the string functions provided in `zycore` in order to append untrusted user data to the formatter buffer within their custom formatter hooks can run into heap buffer overflows. Older versions of Zydis failed to properly initialize the string object within the formatter buffer, forgetting to initialize a few fields, leaving their value to chance. This could then in turn cause zycore functions like `ZyanStringAppend` to make incorrect calculations for the new target size, resulting in heap memory corruption. This does not affect the regular uncustomized Zydis formatter, because Zydis internally doesn't use the string functions in zycore that act upon these fields. However, because the zycore string functions are the intended way to work with the formatter buffer for users of the library that wish to extend the formatter, we still consider this to be a vulnerability in Zydis. This bug is patched starting in version 3.2.1. As a workaround, users may refrain from using zycore string functions in their formatter hooks until updating to a patched version. | ||||
| CVE-2021-3984 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
| vim is vulnerable to Heap-based Buffer Overflow | ||||
| CVE-2021-3973 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 7.8 High |
| vim is vulnerable to Heap-based Buffer Overflow | ||||
| CVE-2021-3968 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 8.0 High |
| vim is vulnerable to Heap-based Buffer Overflow | ||||
| CVE-2021-3927 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 7.8 High |
| vim is vulnerable to Heap-based Buffer Overflow | ||||
| CVE-2021-3903 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
| vim is vulnerable to Heap-based Buffer Overflow | ||||
| CVE-2021-3875 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 5.5 Medium |
| vim is vulnerable to Heap-based Buffer Overflow | ||||
| CVE-2021-3861 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.2 High |
| The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj | ||||
| CVE-2021-3835 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.2 High |
| Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf | ||||
| CVE-2021-3778 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Ontap Select Deploy Administration Utility and 2 more | 2024-11-21 | 7.8 High |
| vim is vulnerable to Heap-based Buffer Overflow | ||||
| CVE-2021-3770 | 3 Fedoraproject, Netapp, Vim | 3 Fedora, Ontap Select Deploy Administration Utility, Vim | 2024-11-21 | 7.8 High |
| vim is vulnerable to Heap-based Buffer Overflow | ||||
| CVE-2021-3756 | 2 Fedoraproject, Symonics | 2 Fedora, Libmysofa | 2024-11-21 | 9.8 Critical |
| libmysofa is vulnerable to Heap-based Buffer Overflow | ||||
| CVE-2021-3625 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 9.6 Critical |
| Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363 | ||||
| CVE-2021-3345 | 2 Gnupg, Oracle | 2 Libgcrypt, Communications Billing And Revenue Management | 2024-11-21 | 7.8 High |
| _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later. | ||||
| CVE-2021-39863 | 3 Adobe, Apple, Microsoft | 8 Acrobat, Acrobat 2017, Acrobat Dc and 5 more | 2024-11-21 | 7.8 High |
| Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2021-39823 | 2 Adobe, Linux | 2 Svg-native-viewer, Linux Kernel | 2024-11-21 | 7.8 High |
| Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | ||||
| CVE-2021-38415 | 1 Fujielectric | 2 V-server, V-simulator | 2024-11-21 | 7.8 High |
| Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code. | ||||
| CVE-2021-37199 | 1 Siemens | 4 Sinumerik 808d, Sinumerik 808d Firmware, Sinumerik 828d and 1 more | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions < V4.95). Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device. | ||||
| CVE-2021-36065 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-11-21 | 7.8 High |
| Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by a heap-based buffer overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2021-34945 | 1 Bentley | 2 Bentley View, Microstation | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15054. | ||||