Total
213 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5432 | 1 Mqtt-packet Project | 1 Mqtt-packet | 2021-11-03 | 5.0 MEDIUM | 7.5 HIGH |
| A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions < 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding. | |||||
| CVE-2021-22563 | 1 Libjxl Project | 1 Libjxl | 2021-11-03 | 3.6 LOW | 4.4 MEDIUM |
| Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector<std::vector<T>> when rendering splines. The OOB read access can either lead to a segfault, or rendering splines based on other process memory. It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/757 | |||||
| CVE-2021-22552 | 1 Google | 1 Asylo | 2021-08-10 | 2.1 LOW | 5.5 MEDIUM |
| An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We recommend updating to Asylo 0.6.3 or past https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a | |||||
| CVE-2021-34322 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-07-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The JPEG2K_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13416) | |||||
| CVE-2020-25853 | 1 Realtek | 2 Rtl8195a, Rtl8195a Firmware | 2021-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, _rt_md5_hmac_veneer() or _rt_hmac_sha1_veneer(), resulting in a stack buffer over-read which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network's PSK. | |||||
| CVE-2019-3563 | 1 Facebook | 1 Wangle | 2020-10-16 | 7.5 HIGH | 9.8 CRITICAL |
| Wangle's LineBasedFrameDecoder contains logic for identifying newlines which incorrectly advances a buffer, leading to a potential underflow. This affects versions of Wangle prior to v2019.04.22.00 | |||||
| CVE-2018-14790 | 1 Fujielectric | 7 Frenic-ace, Frenic-eco, Frenic-mega and 4 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device. | |||||
| CVE-2018-8799 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2019-09-15 | 5.0 MEDIUM | 7.5 HIGH |
| rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault). | |||||
| CVE-2018-8798 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2019-09-15 | 5.0 MEDIUM | 7.5 HIGH |
| rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak. | |||||
| CVE-2018-8796 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2019-09-15 | 5.0 MEDIUM | 7.5 HIGH |
| rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault). | |||||
| CVE-2018-8792 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2019-09-15 | 5.0 MEDIUM | 7.5 HIGH |
| rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault). | |||||
| CVE-2018-8791 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2019-09-15 | 5.0 MEDIUM | 7.5 HIGH |
| rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak. | |||||
| CVE-2018-8789 | 3 Canonical, Debian, Freerdp | 3 Ubuntu Linux, Debian Linux, Freerdp | 2019-06-03 | 5.0 MEDIUM | 7.5 HIGH |
| FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault). | |||||