Export limit exceeded: 45922 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (45922 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-32493 2 Debian, Djvulibre Project 2 Debian Linux, Djvulibre 2024-11-21 7.8 High
A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences.
CVE-2021-32492 2 Debian, Djvulibre Project 2 Debian Linux, Djvulibre 2024-11-21 7.8 High
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences.
CVE-2021-32491 2 Debian, Djvulibre Project 2 Debian Linux, Djvulibre 2024-11-21 7.8 High
A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences.
CVE-2021-32490 2 Debian, Djvulibre Project 2 Debian Linux, Djvulibre 2024-11-21 7.8 High
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences.
CVE-2021-32489 1 Yubico 1 Yubihsm-shell 2024-11-21 4.4 Medium
An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because response_msg.st.len=8 can be accepted but triggers an integer overflow, which causes CRYPTO_cbc128_decrypt (in OpenSSL) to encounter an undersized buffer and experience a segmentation fault. The yubihsm-shell project is included in the YubiHSM 2 SDK product.
CVE-2021-32469 1 Mediatek 20 Mt7603e, Mt7603e Firmware, Mt7610 and 17 more 2024-11-21 8.2 High
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915 Affected Software Versions 7.4.0.0; Out-of-bounds read).
CVE-2021-32468 1 Mediatek 20 Mt7603e, Mt7603e Firmware, Mt7610 and 17 more 2024-11-21 8.2 High
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds read).
CVE-2021-32467 1 Mediatek 18 Mt7603e, Mt7603e Firmware, Mt7612 and 15 more 2024-11-21 8.2 High
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds read).
CVE-2021-32439 1 Gpac 1 Gpac 2024-11-21 7.8 High
Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
CVE-2021-32436 3 Abcm2ps Project, Debian, Fedoraproject 3 Abcm2ps, Debian Linux, Fedora 2024-11-21 6.5 Medium
An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.
CVE-2021-32434 3 Abcm2ps Project, Debian, Fedoraproject 3 Abcm2ps, Debian Linux, Fedora 2024-11-21 5.5 Medium
abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c.
CVE-2021-32422 1 Dpic Project 1 Dpic 2024-11-21 7.5 High
dpic 2021.01.01 has a Global buffer overflow in theyylex() function in main.c and reads out of the bound array.
CVE-2021-32265 1 Axiosys 1 Bento4 2024-11-21 8.8 High
An issue was discovered in Bento4 through v1.6.0-637. A global-buffer-overflow exists in the function AP4_MemoryByteStream::WritePartial() located in Ap4ByteStream.cpp. It allows an attacker to cause code execution or information disclosure.
CVE-2021-32256 1 Gnu 1 Binutils 2024-11-21 6.5 Medium
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.
CVE-2021-32078 1 Linux 1 Linux Kernel 2024-11-21 7.1 High
An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4.
CVE-2021-32072 1 Mitel 1 Micollab 2024-11-21 6.5 Medium
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information (disclosing sensitive application data) due to insufficient output sanitization. A successful exploit could allow an attacker to view source code methods.
CVE-2021-32070 1 Mitel 1 Micollab 2024-11-21 5.4 Medium
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an attacker to modify the browser header and redirect users.
CVE-2021-32067 1 Mitel 1 Micollab 2024-11-21 6.5 Medium
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization.
CVE-2021-32055 2 Mutt, Neomutt 2 Mutt, Neomutt 2024-11-21 9.1 Critical
Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default.
CVE-2021-32040 1 Mongodb 1 Mongodb 2024-11-21 6.5 Medium
It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB Server v4.4 versions prior to and including 4.4.28, MongoDB Server v5.0 versions prior to 5.0.4 and MongoDB Server v4.2 versions prior to 4.2.16. Workaround: >= v4.2.16 users and all v4.4 users can add the --setParameter internalPipelineLengthLimit=50 instead of the default 1000 to mongod at startup to prevent a crash.