Total: 3306 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40346 | 4 Debian, Fedoraproject, Haproxy and 1 more | 4 Debian Linux, Fedora, Haproxy and 1 more | 2024-11-21 | 7.5 High |
| An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. | ||||
| CVE-2021-3933 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2024-11-21 | 5.5 Medium |
| An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths. | ||||
| CVE-2021-3624 | 2 Dcraw Project, Debian | 2 Dcraw, Debian Linux | 2024-11-21 | 7.8 High |
| There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. | ||||
| CVE-2021-3607 | 3 Debian, Fedoraproject, Qemu | 3 Debian Linux, Fedora, Qemu | 2024-11-21 | 6.0 Medium |
| An integer overflow was found in the QEMU implementation of VMware's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3520 | 5 Lz4 Project, Netapp, Oracle and 2 more | 12 Lz4, Active Iq Unified Manager, Cloud Backup and 9 more | 2024-11-21 | 9.8 Critical |
| There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well. | ||||
| CVE-2021-3477 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 5.5 Medium |
| There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability. | ||||
| CVE-2021-3476 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 5.3 Medium |
| A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability. | ||||
| CVE-2021-3475 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 5.3 Medium |
| There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability. | ||||
| CVE-2021-3474 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 5.3 Medium |
| There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability. | ||||
| CVE-2021-3428 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. By fabricating an integer overflow, a local attacker with a special user privilege may cause a system crash, which can lead to an availability threat. | ||||
| CVE-2021-3420 | 2 Fedoraproject, Newlib Project | 2 Fedora, Newlib | 2024-11-21 | 9.8 Critical |
| A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could cause an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow. | ||||
| CVE-2021-3410 | 3 Debian, Fedoraproject, Libcaca Project | 3 Debian Linux, Fedora, Libcaca | 2024-11-21 | 7.8 High |
| A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context. | ||||
| CVE-2021-3402 | 2 Fedoraproject, Virustotal | 2 Fedora, Yara | 2024-11-21 | 9.1 Critical |
| An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4. | ||||
| CVE-2021-3398 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 5.8 Medium |
| Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. | ||||
| CVE-2021-39993 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 9.8 Critical |
| There is an Integer overflow vulnerability with ACPU in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. | ||||
| CVE-2021-39762 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| In tremolo, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-210625816 | ||||
| CVE-2021-39759 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In libstagefright, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-180200830 | ||||
| CVE-2021-39736 | 1 Google | 1 Android | 2024-11-21 | 6.7 Medium |
| In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205995773. References: N/A | ||||
| CVE-2021-39732 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In copy_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205992503. References: N/A | ||||
| CVE-2021-39719 | 1 Google | 1 Android | 2024-11-21 | 6.7 Medium |
| In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205995178. References: N/A | ||||