Total
3217 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-32627 | 6 Debian, Fedoraproject, Netapp and 3 more | 11 Debian Linux, Fedora, Management Services For Element Software and 8 more | 2024-11-21 | 7.5 High |
| Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very large values and constructing specially crafted very large stream elements. The problem is fixed in Redis 6.2.6, 6.0.16 and 5.0.14. For users unable to upgrade an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. | ||||
| CVE-2021-32625 | 2 Fedoraproject, Redislabs | 2 Fedora, Redis | 2024-11-21 | 7.5 High |
| Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command. On 64 bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB). | ||||
| CVE-2021-32491 | 2 Debian, Djvulibre Project | 2 Debian Linux, Djvulibre | 2024-11-21 | 7.8 High |
| A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences. | ||||
| CVE-2021-32489 | 1 Yubico | 1 Yubihsm-shell | 2024-11-21 | 4.4 Medium |
| An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because response_msg.st.len=8 can be accepted but triggers an integer overflow, which causes CRYPTO_cbc128_decrypt (in OpenSSL) to encounter an undersized buffer and experience a segmentation fault. The yubihsm-shell project is included in the YubiHSM 2 SDK product. | ||||
| CVE-2021-32027 | 2 Postgresql, Redhat | 7 Postgresql, Ansible Automation Platform, Enterprise Linux and 4 more | 2024-11-21 | 8.8 High |
| A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2021-31873 | 2 Debian, Klibc Project | 2 Debian Linux, Klibc | 2024-11-21 | 9.8 Critical |
| An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow. | ||||
| CVE-2021-31872 | 2 Debian, Klibc Project | 2 Debian Linux, Klibc | 2024-11-21 | 9.8 Critical |
| An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact. | ||||
| CVE-2021-31871 | 2 Debian, Klibc Project | 2 Debian Linux, Klibc | 2024-11-21 | 7.5 High |
| An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems. | ||||
| CVE-2021-31870 | 2 Debian, Klibc Project | 2 Debian Linux, Klibc | 2024-11-21 | 9.8 Critical |
| An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow. | ||||
| CVE-2021-31808 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Cloud Manager and 2 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this. | ||||
| CVE-2021-31807 | 4 Fedoraproject, Netapp, Redhat and 1 more | 4 Fedora, Cloud Manager, Enterprise Linux and 1 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent. | ||||
| CVE-2021-31642 | 1 Chiyu-tech | 22 Bf-630, Bf-630 Firmware, Bf-631 and 19 more | 2024-11-21 | 6.5 Medium |
| A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. The vulnerability can be explored by sending an unexpected integer (> 32 bits) on the page parameter that will crash the web portal and making it unavailable until a reboot of the device. | ||||
| CVE-2021-31572 | 1 Amazon | 1 Freertos | 2024-11-21 | 9.8 Critical |
| The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer. | ||||
| CVE-2021-31571 | 1 Amazon | 1 Freertos | 2024-11-21 | 9.8 Critical |
| The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation. | ||||
| CVE-2021-31426 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 8.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel on the target guest system. Was ZDI-CAN-12791. | ||||
| CVE-2021-31425 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 8.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel on the target guest system. Was ZDI-CAN-12790. | ||||
| CVE-2021-31319 | 1 Telegram | 1 Telegram | 2024-11-21 | 5.5 Medium |
| Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by an Integer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker. | ||||
| CVE-2021-31292 | 4 Debian, Exiv2, Fedoraproject and 1 more | 4 Debian Linux, Exiv2, Fedora and 1 more | 2024-11-21 | 7.5 High |
| An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata. | ||||
| CVE-2021-30952 | 4 Apple, Debian, Fedoraproject and 1 more | 10 Ipados, Iphone Os, Macos and 7 more | 2024-11-21 | 7.8 High |
| An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2021-30907 | 1 Apple | 7 Ipad Os, Ipados, Iphone Os and 4 more | 2024-11-21 | 7.8 High |
| An integer overflow was addressed through improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to elevate privileges. | ||||