Total
12260 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33289 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. | |||||
| CVE-2021-33287 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application. | |||||
| CVE-2021-33286 | 2 Debian, Tuxera | 2 Debian Linux, Ntfs-3g | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. | |||||
| CVE-2021-33285 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the "bytes_in_use" field should be less than the "bytes_allocated" field. When it is not, the parsing of the records proceeds into the wild. | |||||
| CVE-2021-33274 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulnerability is triggered via a crafted POST request. | |||||
| CVE-2021-33271 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request. | |||||
| CVE-2021-33270 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_800462c4 in /formAdvFirewall. This vulnerability is triggered via a crafted POST request. | |||||
| CVE-2021-33269 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualServ. This vulnerability is triggered via a crafted POST request. | |||||
| CVE-2021-33268 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_8003183C in /fromLogin. This vulnerability is triggered via a crafted POST request. | |||||
| CVE-2021-33267 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80034d60 in /formStaticDHCP. This vulnerability is triggered via a crafted POST request. | |||||
| CVE-2021-33266 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualApp. This vulnerability is triggered via a crafted POST request. | |||||
| CVE-2021-33265 | 1 Dlink | 2 Dir-809, Dir-809 Firmware | 2024-11-21 | 7.2 HIGH | 9.8 CRITICAL |
| D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80046eb4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request. | |||||
| CVE-2021-33217 | 1 Commscope | 1 Ruckus Iot Controller | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root. | |||||
| CVE-2021-33200 | 3 Fedoraproject, Linux, Netapp | 19 Fedora, Linux Kernel, Cloud Backup and 16 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit. | |||||
| CVE-2021-33186 | 1 Serenityos | 1 Serenityos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information. | |||||
| CVE-2021-33086 | 1 Intel | 206 Nuc 10 Performance Kit Nuc10i3fnh, Nuc 10 Performance Kit Nuc10i3fnh Firmware, Nuc 10 Performance Kit Nuc10i3fnhf and 203 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2021-33023 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. | |||||
| CVE-2021-33019 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2021-33004 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). | |||||
| CVE-2021-33002 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer (versions 2.1.9.95 and prior). | |||||