Total
12263 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40026 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | |||||
| CVE-2021-40021 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-40014 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-40010 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The bone voice ID TA has a heap overflow vulnerability.Successful exploitation of this vulnerability may result in malicious code execution. | |||||
| CVE-2021-40009 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | |||||
| CVE-2021-40002 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end. | |||||
| CVE-2021-40000 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end. | |||||
| CVE-2021-3861 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
| The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj | |||||
| CVE-2021-3839 | 3 Dpdk, Fedoraproject, Redhat | 4 Data Plane Development Kit, Fedora, Enterprise Linux and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability. | |||||
| CVE-2021-3835 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 5.8 MEDIUM | 8.2 HIGH |
| Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf | |||||
| CVE-2021-3761 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network (for example AS 13335 - Cloudflare) prior to launching a BGP hijack which during normal operations would be rejected as "RPKI invalid". Additionally, in certain deployments RTR session flapping in and of itself also could cause BGP routing churn, causing availability issues. | |||||
| CVE-2021-3756 | 2 Fedoraproject, Symonics | 2 Fedora, Libmysofa | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| libmysofa is vulnerable to Heap-based Buffer Overflow | |||||
| CVE-2021-3751 | 1 Libmobi Project | 1 Libmobi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| libmobi is vulnerable to Out-of-bounds Write | |||||
| CVE-2021-3721 | 1 Lenovo | 1 Pcmanager | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error. | |||||
| CVE-2021-3713 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 4.6 MEDIUM | 7.4 HIGH |
| An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host. | |||||
| CVE-2021-3697 | 2 Gnu, Redhat | 12 Grub2, Codeready Linux Builder, Developer Tools and 9 more | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | |||||
| CVE-2021-3696 | 3 Gnu, Netapp, Redhat | 13 Grub2, Ontap Select Deploy Administration Utility, Codeready Linux Builder and 10 more | 2024-11-21 | 6.9 MEDIUM | 4.5 MEDIUM |
| A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | |||||
| CVE-2021-3695 | 4 Fedoraproject, Gnu, Netapp and 1 more | 14 Fedora, Grub2, Ontap Select Deploy Administration Utility and 11 more | 2024-11-21 | 4.4 MEDIUM | 4.5 MEDIUM |
| A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. | |||||
| CVE-2021-3675 | 1 Synaptics | 1 Fingerprint Driver | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
| Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64. | |||||
| CVE-2021-3638 | 2 Fedoraproject, Qemu | 2 Fedora, Qemu | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
| An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. | |||||