Total
245 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6151 | 1 Accusoft | 1 Imagegear | 2024-08-04 | 9.8 Critical |
| A memory corruption vulnerability exists in the TIFF handle_COMPRESSION_PACKBITS functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause a memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2021-43537 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Firefox Esr and 4 more | 2024-08-04 | 8.8 High |
| An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | ||||
| CVE-2021-39989 | 1 Huawei | 1 Harmonyos | 2024-08-04 | 7.5 High |
| The HwNearbyMain module has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability may cause a process to restart. | ||||
| CVE-2021-39173 | 1 Catchethq | 1 Catchet | 2024-08-04 | 8.8 High |
| Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the middleware `ReadyForUse`, which now performs a stricter validation of the instance name. As a workaround, only allow trusted source IP addresses to access to the administration dashboard. | ||||
| CVE-2021-35110 | 1 Qualcomm | 12 Sd 8 Gen1 5g Firmware, Sm8475, Wcd9380 and 9 more | 2024-08-04 | 8.1 High |
| Possible buffer overflow to improper validation of hash segment of file while allocating memory in Snapdragon Connectivity, Snapdragon Mobile | ||||
| CVE-2021-35105 | 1 Qualcomm | 314 Apq8009w, Apq8009w Firmware, Apq8017 and 311 more | 2024-08-04 | 8.4 High |
| Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | ||||
| CVE-2021-35091 | 1 Qualcomm | 12 Sd 8 Gen1 5g Firmware, Sm8475, Wcd9380 and 9 more | 2024-08-04 | 8.4 High |
| Possible out of bounds read due to improper typecasting while handling page fault for global memory in Snapdragon Connectivity, Snapdragon Mobile | ||||
| CVE-2021-33318 | 2 Ipmatcher Project, Watsonwebserver Project | 2 Ipmatcher, Watsonwebserver | 2024-08-03 | 9.8 Critical |
| An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets. | ||||
| CVE-2021-30300 | 1 Qualcomm | 220 Apq8009w, Apq8009w Firmware, Apq8017 and 217 more | 2024-08-03 | 7.5 High |
| Possible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and assigning a garbage value to choice when processing the SRS configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | ||||
| CVE-2021-29662 | 2 Data\, Netapp | 2 \, Snapcenter | 2024-08-03 | 7.5 High |
| The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. | ||||
| CVE-2021-29464 | 3 Exiv2, Fedoraproject, Redhat | 3 Exiv2, Fedora, Enterprise Linux | 2024-08-03 | 3.3 Low |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4. | ||||
| CVE-2021-29424 | 2 Fedoraproject, Net\ | 2 Fedora, \ | 2024-08-03 | 7.5 High |
| The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. | ||||
| CVE-2021-28918 | 2 Netmask Project, Redhat | 2 Netmask, Acm | 2024-08-03 | 9.1 Critical |
| Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts. | ||||
| CVE-2021-28275 | 1 Jhead Project | 1 Jhead | 2024-08-03 | 5.5 Medium |
| A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c in will cause segmentation fault via a crafted_file. | ||||
| CVE-2021-25175 | 2 Opendesign, Siemens | 4 Drawings Software Development Kit, Comos, Jt2go and 1 more | 2024-08-03 | 7.8 High |
| An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). | ||||
| CVE-2021-3578 | 3 Debian, Fedoraproject, Isync Project | 3 Debian Linux, Fedora, Isync | 2024-08-03 | 7.8 High |
| A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client. | ||||
| CVE-2021-1923 | 1 Qualcomm | 168 Aqt1000, Aqt1000 Firmware, Qca6390 and 165 more | 2024-08-03 | 7.8 High |
| Incorrect pointer argument passed to trusted application TA could result in un-intended memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT | ||||
| CVE-2021-1027 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
| In setTransactionState of SurfaceFlinger, there is possible arbitrary code execution in a privileged process due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193033243 | ||||
| CVE-2022-41911 | 1 Google | 1 Tensorflow | 2024-08-03 | 4.8 Medium |
| TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | ||||
| CVE-2022-41890 | 1 Google | 1 Tensorflow | 2024-08-03 | 4.8 Medium |
| TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | ||||