Total
93 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13985 | 1 Contiki-os | 1 Contiki | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c. | |||||
| CVE-2020-35926 | 1 Nanorand Project | 1 Nanorand | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled. | |||||
| CVE-2021-23997 | 1 Mozilla | 1 Firefox | 2021-07-02 | 6.8 MEDIUM | 8.8 HIGH |
| Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88. | |||||
| CVE-2010-2807 | 3 Apple, Canonical, Freetype | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2021-04-06 | 6.8 MEDIUM | N/A |
| FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | |||||
| CVE-2020-1913 | 1 Facebook | 1 Hermes | 2020-09-15 | 6.8 MEDIUM | 8.1 HIGH |
| An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2017-12140 | 1 Imagemagick | 1 Imagemagick | 2020-09-08 | 7.1 HIGH | 6.5 MEDIUM |
| The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file. | |||||
| CVE-2019-19958 | 1 Mz-automation | 1 Libiec61850 | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service. | |||||
| CVE-2018-1000224 | 1 Godotengine | 1 Godot | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in (De)Serialization functions (core/io/marshalls.cpp) that can result in DoS (packet of death), possible leak of uninitialized memory. This attack appear to be exploitable via A malformed packet is received over the network by a Godot application that uses built-in serialization (e.g. game server, or game client). Could be triggered by multiplayer opponent. This vulnerability appears to have been fixed in 2.1.5, 3.0.6, master branch after commit feaf03421dda0213382b51aff07bd5a96b29487b. | |||||
| CVE-2019-16200 | 1 Gnu | 1 Serveez | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the http_cgi_write function under http-cgi.c; however, exploitation might show svz_envblock_add in libserveez/passthrough.c as the location of the heap-based buffer over-read. | |||||
| CVE-2015-3406 | 2 Canonical, Module-signature Project | 2 Ubuntu Linux, Module-signature | 2019-12-16 | 6.4 MEDIUM | 7.5 HIGH |
| The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors. | |||||
| CVE-2018-5251 | 2 Debian, Libming | 2 Debian Linux, Libming | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file. | |||||
| CVE-2017-17446 | 1 Game-music-emu Project | 1 Game-music-emu | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
| CVE-2017-0857 | 1 Google | 1 Android | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65122447. | |||||