CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21811
https://notcve.org/view.php?id=CVE-2021-21811
31 Aug 2021 — A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de corrupción de memoria en la funcionalidad XML-parsing CreateLabelOrAttrib de Xmill versión 0.7 de AT&T Labs. Un archivo XML especialmente diseñado puede conllevar a un desbordamiento del búfer de la pila. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1279 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22684
https://notcve.org/view.php?id=CVE-2021-22684
31 Aug 2021 — Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions_calloc and mm_zalloc. • https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 2CVE-2021-3749 – Inefficient Regular Expression Complexity in axios/axios
https://notcve.org/view.php?id=CVE-2021-3749
31 Aug 2021 — Issues addressed include buffer overflow, denial of service, information leakage, integer overflow, out of bounds read, and path sanitization vulnerabilities. • https://github.com/T-Guerrero/axios-redos • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 1CVE-2021-3622 – hivex: stack overflow due to recursive call of _get_children()
https://notcve.org/view.php?id=CVE-2021-3622
31 Aug 2021 — Issues addressed include buffer overflow, integer overflow, null pointer, out of bounds access, out of bounds read, and use-after-free vulnerabilities. • https://bugzilla.redhat.com/show_bug.cgi?id=1975489 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 2CVE-2021-23434 – Prototype Pollution
https://notcve.org/view.php?id=CVE-2021-23434
27 Aug 2021 — Issues addressed include bypass, denial of service, integer overflow, and out of bounds read vulnerabilities. • https://github.com/mariocasciaro/object-path%230116 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21850 – Gentoo Linux Security Advisory 202408-21
https://notcve.org/view.php?id=CVE-2021-21850
25 Aug 2021 — An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “trun” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-21848 – Gentoo Linux Security Advisory 202408-21
https://notcve.org/view.php?id=CVE-2021-21848
25 Aug 2021 — An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the “stsz” FOURCC code when parsing atoms that use the “stz2” FOURCC code and can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-21849 – Gentoo Linux Security Advisory 202408-21
https://notcve.org/view.php?id=CVE-2021-21849
25 Aug 2021 — An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “tfra” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-21841 – Gentoo Linux Security Advisory 202408-21
https://notcve.org/view.php?id=CVE-2021-21841
25 Aug 2021 — An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when reading an atom using the 'sbgp' FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-21842 – Gentoo Linux Security Advisory 202408-21
https://notcve.org/view.php?id=CVE-2021-21842
25 Aug 2021 — An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when processing an atom using the 'ssix' FOURCC code, due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-680: Integer Overflow to Buffer Overflow •