Total
3123 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-32489 | 1 Yubico | 1 Yubihsm-shell | 2024-11-21 | 4.4 Medium |
| An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because response_msg.st.len=8 can be accepted but triggers an integer overflow, which causes CRYPTO_cbc128_decrypt (in OpenSSL) to encounter an undersized buffer and experience a segmentation fault. The yubihsm-shell project is included in the YubiHSM 2 SDK product. | ||||
| CVE-2021-32027 | 2 Postgresql, Redhat | 7 Postgresql, Ansible Automation Platform, Enterprise Linux and 4 more | 2024-11-21 | 8.8 High |
| A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2021-31873 | 2 Debian, Klibc Project | 2 Debian Linux, Klibc | 2024-11-21 | 9.8 Critical |
| An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow. | ||||
| CVE-2021-31872 | 2 Debian, Klibc Project | 2 Debian Linux, Klibc | 2024-11-21 | 9.8 Critical |
| An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact. | ||||
| CVE-2021-31871 | 2 Debian, Klibc Project | 2 Debian Linux, Klibc | 2024-11-21 | 7.5 High |
| An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems. | ||||
| CVE-2021-31870 | 2 Debian, Klibc Project | 2 Debian Linux, Klibc | 2024-11-21 | 9.8 Critical |
| An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow. | ||||
| CVE-2021-31808 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Cloud Manager and 2 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this. | ||||
| CVE-2021-31807 | 4 Fedoraproject, Netapp, Redhat and 1 more | 4 Fedora, Cloud Manager, Enterprise Linux and 1 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent. | ||||
| CVE-2021-31642 | 1 Chiyu-tech | 22 Bf-630, Bf-630 Firmware, Bf-631 and 19 more | 2024-11-21 | 6.5 Medium |
| A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. The vulnerability can be explored by sending an unexpected integer (> 32 bits) on the page parameter that will crash the web portal and making it unavailable until a reboot of the device. | ||||
| CVE-2021-31572 | 1 Amazon | 1 Freertos | 2024-11-21 | 9.8 Critical |
| The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer. | ||||
| CVE-2021-31571 | 1 Amazon | 1 Freertos | 2024-11-21 | 9.8 Critical |
| The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation. | ||||
| CVE-2021-31426 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 8.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel on the target guest system. Was ZDI-CAN-12791. | ||||
| CVE-2021-31425 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 8.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel on the target guest system. Was ZDI-CAN-12790. | ||||
| CVE-2021-31319 | 1 Telegram | 1 Telegram | 2024-11-21 | 5.5 Medium |
| Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by an Integer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker. | ||||
| CVE-2021-31292 | 4 Debian, Exiv2, Fedoraproject and 1 more | 4 Debian Linux, Exiv2, Fedora and 1 more | 2024-11-21 | 7.5 High |
| An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata. | ||||
| CVE-2021-30952 | 4 Apple, Debian, Fedoraproject and 1 more | 9 Ipados, Iphone Os, Macos and 6 more | 2024-11-21 | 7.8 High |
| An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2021-30907 | 1 Apple | 7 Ipad Os, Ipados, Iphone Os and 4 more | 2024-11-21 | 7.8 High |
| An integer overflow was addressed through improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to elevate privileges. | ||||
| CVE-2021-30760 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2024-11-21 | 7.8 High |
| An integer overflow was addressed through improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution. | ||||
| CVE-2021-30636 | 1 Mediatek | 1 Linkit Software Development Kit | 2024-11-21 | 9.8 Critical |
| In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc. | ||||
| CVE-2021-30354 | 1 Amazon | 2 Kindle, Kindle Firmware | 2024-11-21 | 8.6 High |
| Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF book. | ||||