CWE:
 

| Risk | Title | Date | Author |
|---|---|---|---|
| Med. | MiniUPnP MiniUPnPc < 2.0 Remote Denial of Service | 12.01.2018 | tintinweb |
| Med. | Windows Kernel win32k.sys Integer Overflow (MS13-101) | 12.12.2013 | CORE |
| High | Apache 1.3.41 mod_proxy Integer overflow (code execution) | 29.01.2010 | Adam Zabrocki |
| Med. | Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability | 11.12.2009 | ZDI |


Common Weakness Enumeration (CWE)

CVE
Details
Description
2021-09-08
Medium
CVE-2021-30663

Vendor: Apple
Software: Macos
 

 
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.

 
Medium
CVE-2021-30760

Vendor: Apple
Software: Ipad os
 

 
An integer overflow was addressed through improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution.

 
Medium
CVE-2021-40346

Vendor: Haproxy
Software: Haproxy
 

 
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

 
2021-09-01
Low
CVE-2021-36058

Vendor: Adobe
Software: Xmp toolkit sdk
 

 
XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer Overflow vulnerability potentially resulting in application-level denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

 
2021-08-31
Medium
CVE-2021-22684

Vendor: Samsung
Software: Tizenrt
 

 
Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions_calloc and mm_zalloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash.

 
2021-08-25
Medium
CVE-2021-21850

Vendor: GPAC
Software: GPAC
 

 

 
Medium
CVE-2021-21849

Vendor: GPAC
Software: GPAC
 

 

 
Medium
CVE-2021-21848

Vendor: GPAC
Software: GPAC
 

 

 
Medium
CVE-2021-21842

Vendor: GPAC
Software: GPAC
 

 
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when processing an atom using the 'ssix' FOURCC code, due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.

 
Medium
CVE-2021-21841

Vendor: GPAC
Software: GPAC
 

 
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when reading an atom using the 'sbgp' FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.

 

 


Copyright 2021, cxsecurity.com

 
