Total
11936 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5668 | 1 Freetype | 1 Freetype | 2021-01-26 | 4.3 MEDIUM | N/A |
| FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function. | |||||
| CVE-2012-5670 | 1 Freetype | 1 Freetype | 2021-01-26 | 4.3 MEDIUM | N/A |
| The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value. | |||||
| CVE-2012-1138 | 2 Freetype, Mozilla | 2 Freetype, Firefox Mobile | 2021-01-26 | 9.3 HIGH | N/A |
| FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font. | |||||
| CVE-2010-3814 | 1 Freetype | 1 Freetype | 2021-01-26 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font. | |||||
| CVE-2017-8287 | 1 Freetype | 1 Freetype | 2021-01-26 | 7.5 HIGH | 9.8 CRITICAL |
| FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c. | |||||
| CVE-2020-35877 | 1 Ozone Project | 1 Ozone | 2021-01-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of out-of-bounds access. | |||||
| CVE-2020-35878 | 1 Ozone Project | 1 Ozone | 2021-01-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of the dropping of uninitialized memory. | |||||
| CVE-2007-5729 | 3 Debian, Opensuse, Qemu | 3 Debian Linux, Opensuse, Qemu | 2020-12-15 | 7.2 HIGH | N/A |
| The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the mtu overflow vulnerability. | |||||
| CVE-2020-13754 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-12-14 | 4.6 MEDIUM | 6.7 MEDIUM |
| hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. | |||||
| CVE-2020-26243 | 1 Nanopb Project | 1 Nanopb | 2020-12-07 | 4.3 MEDIUM | 7.5 HIGH |
| Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the message being decoded contains the submessage multiple times. This is rare in normal messages, but it is a concern when untrusted data is parsed. This is fixed in versions 0.3.9.7 and 0.4.4. The following workarounds are available: 1) Set the option `no_unions` for the oneof field. This will generate fields as separate instead of C union, and avoids triggering the problematic code. 2) Set the type of the submessage field inside oneof to `FT_POINTER`. This way the whole submessage will be dynamically allocated and the problematic code is not executed. 3) Use an arena allocator for nanopb, to make sure all memory can be released afterwards. | |||||
| CVE-2017-14632 | 3 Canonical, Debian, Xiph.org | 3 Ubuntu Linux, Debian Linux, Libvorbis | 2020-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. | |||||
| CVE-2017-18206 | 2 Canonical, Zsh | 2 Ubuntu Linux, Zsh | 2020-12-01 | 7.5 HIGH | 9.8 CRITICAL |
| In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. | |||||
| CVE-2012-5958 | 1 Libupnp Project | 1 Libupnp | 2020-11-28 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction. | |||||
| CVE-2020-5388 | 1 Dell | 2 Inspiron 15 7579, Inspiron 15 7579 Firmware | 2020-11-24 | 4.4 MEDIUM | 6.9 MEDIUM |
| Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an Improper SMM communication buffer verification vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | |||||
| CVE-2016-10049 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file. | |||||
| CVE-2016-10050 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2020-11-16 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file. | |||||
| CVE-2016-10052 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | |||||
| CVE-2016-10054 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | |||||
| CVE-2016-10055 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | |||||
| CVE-2016-10056 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | |||||