Total
12074 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33124 | 1 Intel | 1346 Core I3-1000g1, Core I3-1000g1 Firmware, Core I3-1000g4 and 1343 more | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| Out-of-bounds write in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. | |||||
| CVE-2021-33086 | 1 Intel | 206 Nuc 10 Performance Kit Nuc10i3fnh, Nuc 10 Performance Kit Nuc10i3fnh Firmware, Nuc 10 Performance Kit Nuc10i3fnhf and 203 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2021-33060 | 2 Intel, Netapp | 144 Xeon Gold 5315y, Xeon Gold 5315y Firmware, Xeon Gold 5317 and 141 more | 2024-11-21 | N/A | 7.8 HIGH |
| Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33023 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. | |||||
| CVE-2021-33019 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2021-33004 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). | |||||
| CVE-2021-33002 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer (versions 2.1.9.95 and prior). | |||||
| CVE-2021-33000 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). | |||||
| CVE-2021-32995 | 1 Hornerautomation | 1 Cscape | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-32988 | 1 Fatek | 1 Winproladder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2021-32976 | 1 Moxa | 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code. | |||||
| CVE-2021-32969 | 1 Deltaww | 1 Diascreen | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2021-32952 | 2 Opendesign, Siemens | 4 Drawings Sdk, Comos, Jt2go and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. | |||||
| CVE-2021-32948 | 2 Opendesign, Siemens | 4 Drawings Sdk, Comos, Jt2go and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. | |||||
| CVE-2021-32947 | 1 Fatek | 1 Fvdesigner | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2021-32943 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | |||||
| CVE-2021-32941 | 1 Annke | 2 N48pbb, N48pbb Firmware | 2024-11-21 | 10.0 HIGH | 9.4 CRITICAL |
| Annke N48PBB (Network Video Recorder) products of version 3.4.106 build 200422 and prior are vulnerable to a stack-based buffer overflow, which allows an unauthorized remote attacker to execute arbitrary code with the same privileges as the server user (root). | |||||
| CVE-2021-32939 | 1 Fatek | 1 Fvdesigner | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a project file that may permit arbitrary code execution. | |||||
| CVE-2021-32936 | 2 Opendesign, Siemens | 4 Drawings Sdk, Comos, Jt2go and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. | |||||
| CVE-2021-32626 | 5 Debian, Fedoraproject, Netapp and 2 more | 6 Debian Linux, Fedora, Management Services For Element Software and 3 more | 2024-11-21 | 6.5 MEDIUM | 7.5 HIGH |
| Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands. | |||||