‼ CVE-2021-45935 ‼
📖 Read
via "National Vulnerability Database".
Grok 9.5.0 has a heap-based buffer overflow in openhtj2k::T1OpenHTJ2K::decompress (called from std::__1::__packaged_task_func<std::__1::__bind<grk::T1DecompressScheduler::deco and std::__1::packaged_task<int).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45938 ‼
📖 Read
via "National Vulnerability Database".
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Unsubscribe).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45939 ‼
📖 Read
via "National Vulnerability Database".
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Subscribe).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45942 ‼
📖 Read
via "National Vulnerability Database".
OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45931 ‼
📖 Read
via "National Vulnerability Database".
HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45941 ‼
📖 Read
via "National Vulnerability Database".
libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44717 ‼
📖 Read
via "National Vulnerability Database".
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41817 ‼
📖 Read
via "National Vulnerability Database".
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45932 ‼
📖 Read
via "National Vulnerability Database".
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (4 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45936 ‼
📖 Read
via "National Vulnerability Database".
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Disconnect (called from MqttClient_DecodePacket and MqttClient_WaitType).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45927 ‼
📖 Read
via "National Vulnerability Database".
MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0x7ffd6e029ee0) in mdb_numeric_to_string (called from mdb_xfer_bound_data and _mdb_attempt_bind).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45937 ‼
📖 Read
via "National Vulnerability Database".
wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Connect).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44852 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41819 ‼
📖 Read
via "National Vulnerability Database".
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.📖 Read
via "National Vulnerability Database".
🔥1
‼ CVE-2021-43333 ‼
📖 Read
via "National Vulnerability Database".
The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for configuration changes or disclosure of configuration settings.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45960 ‼
📖 Read
via "National Vulnerability Database".
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45972 ‼
📖 Read
via "National Vulnerability Database".
The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44896 ‼
📖 Read
via "National Vulnerability Database".
DMP Roadmap before 3.0.4 allows XSS.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22293 ‼
📖 Read
via "National Vulnerability Database".
admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0080 ‼
📖 Read
via "National Vulnerability Database".
mruby is vulnerable to Heap-based Buffer Overflow📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36751 ‼
📖 Read
via "National Vulnerability Database".
ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does not know the secret key) can make ciphertext modifications that are reflected in modified plaintext. There is no data integrity mechanism. (This behavior occurs across USB drives sold under multiple brand names.)📖 Read
via "National Vulnerability Database".