Export limit exceeded: 21678 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21678 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-39602 | 1 Miniftpd Project | 1 Miniftpd | 2024-11-21 | 6.5 Medium |
| A Buffer Overflow vulnerabilty exists in Miniftpd 1.0 in the do_mkd function in the ftpproto.c file, which could let a remote malicious user cause a Denial of Service. | ||||
| CVE-2021-39247 | 1 Zint | 1 Barcode Generator | 2024-11-21 | 6.5 Medium |
| Zint Barcode Generator before 2.10.0 has a one-byte buffer over-read, related to is_last_single_ascii in code1.c, and rs_encode_uint in reedsol.c. | ||||
| CVE-2021-39238 | 1 Hp | 3 Futuresmart 3, Futuresmart 4, Futuresmart 5 | 2024-11-21 | 9.8 Critical |
| Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overflow. | ||||
| CVE-2021-39218 | 2 Bytecodealliance, Fedoraproject | 2 Wasmtime, Fedora | 2024-11-21 | 6.3 Medium |
| Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in Wasmtime. To trigger this bug, Wasmtime needs to be running Wasm that uses `externref`s, the host creates non-null `externrefs`, Wasmtime performs a garbage collection (GC), and there has to be a Wasm frame on the stack that is at a GC safepoint where there are no live references at this safepoint, and there is a safepoint with live references earlier in this frame's function. Under this scenario, Wasmtime would incorrectly use the GC stack map for the safepoint from earlier in the function instead of the empty safepoint. This would result in Wasmtime treating arbitrary stack slots as `externref`s that needed to be rooted for GC. At the *next* GC, it would be determined that nothing was referencing these bogus `externref`s (because nothing could ever reference them, because they are not really `externref`s) and then Wasmtime would deallocate them and run `<ExternRef as Drop>::drop` on them. This results in a free of memory that is not necessarily on the heap (and shouldn't be freed at this moment even if it was), as well as potential out-of-bounds reads and writes. Even though support for `externref`s (via the reference types proposal) is enabled by default, unless you are creating non-null `externref`s in your host code or explicitly triggering GCs, you cannot be affected by this bug. We have reason to believe that the effective impact of this bug is relatively small because usage of `externref` is currently quite rare. This bug has been patched and users should upgrade to Wasmtime version 0.30.0. If you cannot upgrade Wasmtime at this time, you can avoid this bug by disabling the reference types proposal by passing `false` to `wasmtime::Config::wasm_reference_types`. | ||||
| CVE-2021-39193 | 1 Parity | 1 Frontier | 2024-11-21 | 5.3 Medium |
| Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26, a bug in `pallet-ethereum` can cause invalid transactions to be included in the Ethereum block state in `pallet-ethereum` due to not validating the input data size. Any invalid transactions included this way have no possibility to alter the internal Ethereum or Substrate state. The transaction will appear to have be included, but is of no effect as it is rejected by the EVM engine. The impact is further limited by Substrate extrinsic size constraints. A patch is available in commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26. There are no workarounds aside from applying the patch. | ||||
| CVE-2021-39022 | 1 Ibm | 1 Guardium Data Encryption | 2024-11-21 | 8.8 High |
| IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. IBM X-Force ID: 213858. | ||||
| CVE-2021-38772 | 1 Tendacn | 2 Ac10, Ac10 Firmware | 2024-11-21 | 7.5 High |
| Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. | ||||
| CVE-2021-38692 | 1 Qnap | 3 Qvr Elite, Qvr Guard, Qvr Pro | 2024-11-21 | 8.1 High |
| A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later | ||||
| CVE-2021-38691 | 1 Qnap | 3 Qvr Elite, Qvr Guard, Qvr Pro | 2024-11-21 | 8.1 High |
| A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later | ||||
| CVE-2021-38690 | 1 Qnap | 3 Qvr Elite, Qvr Guard, Qvr Pro | 2024-11-21 | 8.1 High |
| A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later | ||||
| CVE-2021-38689 | 1 Qnap | 3 Qvr Elite, Qvr Guard, Qvr Pro | 2024-11-21 | 8.1 High |
| A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later | ||||
| CVE-2021-38687 | 1 Qnap | 2 Qts, Surveillance Station | 2024-11-21 | 8.1 High |
| A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station: QTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later QTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later QTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later QTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later QTS 4.3.3: Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later | ||||
| CVE-2021-38682 | 1 Qnap | 3 Qvr Elite, Qvr Guard, Qvr Pro | 2024-11-21 | 8.1 High |
| A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 and later QTS 5.0.0: QVR Guard 2.1.3.0 and later | ||||
| CVE-2021-38654 | 1 Microsoft | 2 365 Apps, Office | 2024-11-21 | 7.8 High |
| Microsoft Office Visio Remote Code Execution Vulnerability | ||||
| CVE-2021-38564 | 1 Foxitsoftware | 2 Pdf Editor, Pdf Reader | 2024-11-21 | 9.1 Critical |
| An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows an out-of-bounds read via util.scand. | ||||
| CVE-2021-38563 | 2 Foxit, Foxitsoftware | 2 Pdf Reader, Pdf Editor | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It mishandles situations in which an array size (derived from a /Size entry) is smaller than the maximum indirect object number, and thus there is an attempted incorrect array access (leading to a NULL pointer dereference, or out-of-bounds read or write). | ||||
| CVE-2021-38526 | 1 Netgear | 6 Rax35, Rax35 Firmware, Rax38 and 3 more | 2024-11-21 | 4.3 Medium |
| Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94. | ||||
| CVE-2021-38517 | 1 Netgear | 8 R6400, R6400 Firmware, Rax75 and 5 more | 2024-11-21 | 6.9 Medium |
| Certain NETGEAR devices are affected by out-of-bounds reads and writes. This affects R6400 before 1.0.1.70, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, and XR300 before 1.0.3.50. | ||||
| CVE-2021-38501 | 2 Mozilla, Redhat | 5 Firefox, Firefox Esr, Thunderbird and 2 more | 2024-11-21 | 8.8 High |
| Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. | ||||
| CVE-2021-38500 | 3 Debian, Mozilla, Redhat | 6 Debian Linux, Firefox, Firefox Esr and 3 more | 2024-11-21 | 8.8 High |
| Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. | ||||