Search Results (364661 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-45940 1 Libbpf Project 1 Libbpf 2024-11-21 6.5 Medium
libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c).
CVE-2021-45939 1 Wolfssl 1 Wolfmqtt 2024-11-21 5.5 Medium
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Subscribe).
CVE-2021-45938 1 Wolfssl 1 Wolfmqtt 2024-11-21 5.5 Medium
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Unsubscribe).
CVE-2021-45937 1 Wolfssl 1 Wolfmqtt 2024-11-21 5.5 Medium
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Connect).
CVE-2021-45936 1 Wolfssl 1 Wolfmqtt 2024-11-21 5.5 Medium
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Disconnect (called from MqttClient_DecodePacket and MqttClient_WaitType).
CVE-2021-45935 1 Grok Project 1 Grok 2024-11-21 5.5 Medium
Grok 9.5.0 has a heap-based buffer overflow in openhtj2k::T1OpenHTJ2K::decompress (called from std::__1::__packaged_task_func<std::__1::__bind<grk::T1DecompressScheduler::deco and std::__1::packaged_task<int).
CVE-2021-45934 1 Wolfssl 1 Wolfmqtt 2024-11-21 5.5 Medium
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_HandlePacket and MqttClient_WaitType).
CVE-2021-45933 1 Wolfssl 1 Wolfmqtt 2024-11-21 5.5 Medium
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (8 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket).
CVE-2021-45932 1 Wolfssl 1 Wolfmqtt 2024-11-21 5.5 Medium
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (4 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket).
CVE-2021-45931 2 Fedoraproject, Harfbuzz Project 2 Fedora, Harfbuzz 2024-11-21 6.5 Medium
HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).
CVE-2021-45930 4 Debian, Fedoraproject, Qt and 1 more 4 Debian Linux, Fedora, Qtsvg and 1 more 2024-11-21 5.5 Medium
Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).
CVE-2021-45929 1 Wasm3 Project 1 Wasm3 2024-11-21 5.5 Medium
Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from CompileElseBlock and Compile_If).
CVE-2021-45928 1 Libjxl Project 1 Libjxl 2024-11-21 5.5 Medium
libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder::DecodeGroup (called from jxl::FrameDecoder::ProcessACGroup and jxl::ThreadPool::RunCallState<jxl::FrameDecoder::ProcessSections).
CVE-2021-45927 1 Mdbtools Project 1 Mdbtools 2024-11-21 7.8 High
MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0x7ffd6e029ee0) in mdb_numeric_to_string (called from mdb_xfer_bound_data and _mdb_attempt_bind).
CVE-2021-45926 1 Mdbtools Project 1 Mdbtools 2024-11-21 7.8 High
MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0x7ffd0c689be0) in mdb_numeric_to_string (called from mdb_xfer_bound_data and _mdb_attempt_bind).
CVE-2021-45919 1 Std42 1 Elfinder 2024-11-21 5.4 Medium
Studio 42 elFinder through 2.1.31 allows XSS via an SVG document.
CVE-2021-45918 1 Nhi 1 Health Insurance Web Service Component 2024-11-21 7.5 High
NHI’s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without authentication, which requires a system restart to recover service.
CVE-2021-45917 1 Sun Moon Jingyao 2 Network Computer Terminal Protection System, Network Computer Terminal Protection System Firmware 2024-11-21 8 High
The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local registry information to launch server-side request forgery (SSRF) attack on another agent computer, resulting in arbitrary code execution for controlling the system or disrupting service.
CVE-2021-45916 1 Smr 1 Shenwang Endpoint Protection Security System 2024-11-21 3.5 Low
The programming function of Shockwall system has an improper input validation vulnerability. An authenticated attacker within the local area network can send malicious response to the server to disrupt the service partially.
CVE-2021-45915 1 Luxsoft 1 Luxcal 2024-11-21 9.8 Critical
In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator.