Total
2073 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27253 | 1 Netgear | 84 Br200, Br200 Firmware, Br500 and 81 more | 2024-08-03 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303. | ||||
| CVE-2021-26691 | 6 Apache, Debian, Fedoraproject and 3 more | 10 Http Server, Debian Linux, Fedora and 7 more | 2024-08-03 | 9.8 Critical |
| In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow | ||||
| CVE-2021-26603 | 2 Bandisoft, Microsoft | 2 Ark Library, Windows | 2024-08-03 | 8.6 High |
| A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check. | ||||
| CVE-2021-25668 | 1 Siemens | 58 Scalance X200-4p Irt, Scalance X200-4p Irt Firmware, Scalance X201-3p Irt and 55 more | 2024-08-03 | 9.8 Critical |
| A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code. | ||||
| CVE-2021-25495 | 1 Samsung | 1 Notes | 2024-08-03 | 7.3 High |
| A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution. | ||||
| CVE-2021-25475 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2024-08-03 | 3.9 Low |
| A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. | ||||
| CVE-2021-25479 | 2 Google, Samsung | 2 Android, Exynos | 2024-08-03 | 7.2 High |
| A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. | ||||
| CVE-2021-25383 | 1 Google | 1 Android | 2024-08-03 | 9 Critical |
| An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | ||||
| CVE-2021-25360 | 1 Google | 1 Android | 2024-08-03 | 9 Critical |
| An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | ||||
| CVE-2021-25449 | 1 Google | 1 Android | 2024-08-03 | 6.5 Medium |
| An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process. | ||||
| CVE-2021-25387 | 1 Google | 1 Android | 2024-08-03 | 9 Critical |
| An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | ||||
| CVE-2021-25384 | 1 Google | 1 Android | 2024-08-03 | 9 Critical |
| An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | ||||
| CVE-2021-24036 | 1 Facebook | 2 Folly, Hhvm | 2024-08-03 | 9.8 Critical |
| Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1. | ||||
| CVE-2021-24041 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2024-08-03 | 9.8 Critical |
| A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image. | ||||
| CVE-2021-24042 | 1 Whatsapp | 1 Whatsapp | 2024-08-03 | 9.8 Critical |
| The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor. | ||||
| CVE-2021-24025 | 1 Facebook | 1 Hhvm | 2024-08-03 | 9.8 Critical |
| Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. | ||||
| CVE-2021-23165 | 1 Htmldoc Project | 1 Htmldoc | 2024-08-03 | 9.8 Critical |
| A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service. | ||||
| CVE-2021-22641 | 1 Fujielectric | 2 V-server, V-simulator | 2024-08-03 | 7.8 High |
| A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0). | ||||
| CVE-2021-21958 | 1 Hancom | 1 Hancom Office 2020 | 2024-08-03 | 7.8 High |
| A heap-based buffer overflow vulnerability exists in the Hword HwordApp.dll functionality of Hancom Office 2020 11.0.0.2353. A specially-crafted malformed file can lead to memory corruption and potential arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2021-21940 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2024-08-03 | 10.0 Critical |
| A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. | ||||