Vulnerabilities (CVE)

Filtered by CWE-787
Total 10481 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-27915 1 Apple 1 Mac Os X 2022-06-28 9.3 HIGH 7.8 HIGH
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system privileges.
CVE-2020-27944 1 Apple 5 Ipad Os, Iphone Os, Macos and 2 more 2022-06-28 6.8 MEDIUM 7.8 HIGH
A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution.
CVE-2020-20250 1 Mikrotik 1 Routeros 2022-06-28 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference.
CVE-2021-1767 1 Apple 4 Ipados, Iphone Os, Mac Os X and 1 more 2022-06-28 9.3 HIGH 7.8 HIGH
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to heap corruption.
CVE-2020-36317 1 Rust-lang 1 Rust 2022-06-28 5.0 MEDIUM 7.5 HIGH
In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string.
CVE-2021-0628 1 Google 1 Android 2022-06-28 4.6 MEDIUM 6.7 MEDIUM
In OMA DRM, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05722454; Issue ID: ALPS05722454.
CVE-2021-1892 1 Qualcomm 108 Aqt1000, Aqt1000 Firmware, Pm8005 and 105 more 2022-06-28 7.2 HIGH 7.8 HIGH
Memory corruption due to improper input validation while processing IO control which is nonstandard in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Wired Infrastructure and Networking
CVE-2020-27907 1 Apple 1 Macos 2022-06-28 9.3 HIGH 7.8 HIGH
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.
CVE-2020-27943 1 Apple 5 Ipad Os, Iphone Os, Macos and 2 more 2022-06-28 6.8 MEDIUM 7.8 HIGH
A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in tvOS 14.3, iOS 14.3 and iPadOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.2. Processing a maliciously crafted font file may lead to arbitrary code execution.
CVE-2020-20247 1 Mikrotik 1 Routeros 2022-06-28 4.0 MEDIUM 6.5 MEDIUM
Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.
CVE-2021-1760 1 Apple 6 Ipados, Iphone Os, Mac Os X and 3 more 2022-06-28 4.3 MEDIUM 5.5 MEDIUM
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application could execute arbitrary code leading to compromise of user information.
CVE-2021-22345 1 Huawei 2 Emui, Magic Ui 2022-06-28 7.5 HIGH 9.8 CRITICAL
There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds memory write.
CVE-2021-20109 1 Zohocorp 1 Manageengine Assetexplorer 2022-06-28 5.0 MEDIUM 7.5 HIGH
Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the agent's HTTP request verifying its authtoken. In AEAgent.cpp, the agent responding back over HTTP is vulnerable to a Heap Overflow if the POST payload response is too large. The POST payload response is converted to Unicode using vswprintf. This is written to a buffer only 0x2000 bytes big. If POST payload is larger, then heap overflow will occur.
CVE-2020-25928 1 Hcc-embedded 1 Nichestack Tcp\/ip 2022-06-28 7.5 HIGH 9.8 CRITICAL
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: DNS response processing functions: dns_upcall(), getoffset(), dnc_set_answer(). The attack vector is: a specific DNS response packet. The code does not check the "response data length" field of individual DNS answers, which may cause out-of-bounds read/write operations, leading to Information leak, Denial-or-Service, or Remote Code Execution, depending on the context.
CVE-2021-1890 1 Qualcomm 316 Apq8017, Apq8017 Firmware, Apq8037 and 313 more 2022-06-28 7.2 HIGH 7.8 HIGH
Improper length check of public exponent in RSA import key function could cause memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2021-1840 1 Apple 2 Mac Os X, Macos 2022-06-28 4.6 MEDIUM 7.8 HIGH
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A local attacker may be able to elevate their privileges.
CVE-2022-27532 1 Autodesk 1 3ds Max 2022-06-27 6.8 MEDIUM 7.8 HIGH
A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files. This vulnerability in conjunction with other vulnerabilities could lead to arbitrary code execution.
CVE-2019-5051 4 Canonical, Debian, Libsdl and 1 more 5 Ubuntu Linux, Debian Linux, Sdl2 Image and 2 more 2022-06-27 6.8 MEDIUM 8.8 HIGH
An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
CVE-2019-5057 2 Libsdl, Opensuse 3 Sdl2 Image, Backports Sle, Leap 2022-06-27 6.8 MEDIUM 8.8 HIGH
An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
CVE-2019-5058 2 Libsdl, Opensuse 3 Sdl2 Image, Backports Sle, Leap 2022-06-27 6.8 MEDIUM 8.8 HIGH
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.