Search Results (46009 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-21202 1 Fujielectric 2 Alpha5 Smart Loader, Alpha5 Smart Loader Firmware 2025-04-16 3.3 Low
The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information.
CVE-2021-27427 1 Riot-os 1 Riot 2025-04-16 7.3 High
RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
CVE-2021-27417 1 Ecoscentric 1 Ecospro 2025-04-16 4.6 Medium
eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow.
CVE-2021-27411 1 Silabs 1 Micrium Os 2025-04-16 6.5 Medium
Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as very small blocks of memory being allocated instead of very large ones.
CVE-2021-27419 1 Uclibc-ng Project 1 Uclibc-ng 2025-04-16 7.3 High
uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
CVE-2021-27425 1 Cesanta 1 Mongoose Os 2025-04-16 7.3 High
Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
CVE-2021-27435 1 Arm 1 Mbed 2025-04-16 7.3 High
ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
CVE-2021-27431 1 Arm 1 Cmsis-rtos 2025-04-16 7.3 High
ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution.
CVE-2021-27421 1 Nxp 1 Mcuxpresso Software Development Kit 2025-04-16 7.3 High
NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc function, which could allow to access memory locations outside the bounds of a specified array, leading to unexpected behavior such segmentation fault when assigning a particular block of memory from the heap via malloc.
CVE-2021-22680 1 Nxp 1 Mqx 2025-04-16 7.3 High
NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
CVE-2021-27439 1 Tencent 1 Tencentos-tiny 2025-04-16 7.3 High
TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tos_mmheap_alloc incorrect calculation of effective memory allocation size. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
CVE-2021-27433 1 Arm 1 Mbed Ualloc 2025-04-16 7.3 High
ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
CVE-2021-38439 1 Gurum 1 Gurumdds 2025-04-16 8.6 High
All versions of GurumDDS are vulnerable to heap-based buffer overflow, which may cause a denial-of-service condition or remotely execute arbitrary code.
CVE-2021-38441 1 Eclipse 1 Cyclonedds 2025-04-16 6.6 Medium
Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.
CVE-2021-38445 1 Objectcomputing 1 Opendds 2025-04-16 7 High
OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code.
CVE-2021-38423 1 Gurum 1 Gurumdds 2025-04-16 6.6 Medium
All versions of GurumDDS improperly calculate the size to be used when allocating the buffer, which may result in a buffer overflow.
CVE-2021-38427 1 Rti 2 Connext Professional, Connext Secure 2025-04-16 6.6 Medium
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to 6.1.0 are vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code.
CVE-2021-38433 1 Rti 2 Connext Professional, Connext Secure 2025-04-16 6.6 Medium
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code.
CVE-2021-38435 1 Rti 2 Connext Professional, Connext Secure 2025-04-16 6.6 Medium
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 not correctly calculate the size when allocating the buffer, which may result in a buffer overflow.
CVE-2021-27482 1 Opener Project 1 Opener 2025-04-16 7.5 High
A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data.