Total
12268 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27692 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUSBPartitionUmount" function executes the "doSystemCmd" function with untrusted input. | |||||
| CVE-2021-27691 | 1 Tendacn | 6 G0, G0 Firmware, G1 and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request. This occurs because the "formSetDebugCfg" function executes glibc's system function with untrusted input. | |||||
| CVE-2021-27477 | 1 Jtekt | 44 2port-efr, 2port-efr Firmware, Fl\/et-t-v2h and 41 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET,PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B,PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame, the outside area of a receive buffer for FL-net are overwritten. As a result, the PLC CPU detects a system error, and the affected products stop. | |||||
| CVE-2021-27397 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13287) | |||||
| CVE-2021-27376 | 1 Nb-connect Project | 1 Nb-connect | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the nb-connect crate before 1.0.3 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures. | |||||
| CVE-2021-26868 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||
| CVE-2021-26843 | 1 Sthttpd Project | 1 Sthttpd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the de_dotdot function may cause a Denial-of-Service (daemon crash) due to overlapping memory ranges being passed to memcpy. This can triggered with an HTTP GET request for a crafted filename. NOTE: this is similar to CVE-2017-10671, but occurs in a different part of the de_dotdot function. | |||||
| CVE-2021-26378 | 1 Amd | 167 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 164 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | |||||
| CVE-2021-26372 | 1 Amd | 88 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 85 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | |||||
| CVE-2021-26369 | 1 Amd | 99 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 96 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses. | |||||
| CVE-2021-26364 | 1 Amd | 88 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 85 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service. | |||||
| CVE-2021-26352 | 1 Amd | 60 Ryzen 3 5300g, Ryzen 3 5300g Firmware, Ryzen 3 5300ge and 57 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service. | |||||
| CVE-2021-26336 | 1 Amd | 190 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 187 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components. | |||||
| CVE-2021-26257 | 1 Intel | 36 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3165 Firmware, Dual Band Wireless-ac 3168 and 33 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2021-25660 | 1 Siemens | 19 Simatic Hmi Comfort Outdoor Panels 15\", Simatic Hmi Comfort Outdoor Panels 15\" Firmware, Simatic Hmi Comfort Outdoor Panels 7\" and 16 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the server side when sending data from the client, which could result in a Denial-of-Service condition. | |||||
| CVE-2021-25518 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
| An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution. | |||||
| CVE-2021-25493 | 1 Samsung | 1 Notes | 2024-11-21 | 3.6 LOW | 4.0 MEDIUM |
| Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read | |||||
| CVE-2021-25449 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 6.5 MEDIUM |
| An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process. | |||||
| CVE-2021-25387 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.0 CRITICAL |
| An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | |||||
| CVE-2021-25386 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.0 CRITICAL |
| An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | |||||