CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2021(Memory Corruption)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-13835 119 Exec Code Overflow Mem. Corr. 2021-12-23 2022-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13. An application may be able to execute arbitrary code with elevated privileges.
2 CVE-2017-13880 Exec Code Mem. Corr. 2021-12-23 2022-01-06
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 11.2, watchOS 4.2. An application may be able to execute arbitrary code with kernel privilege.
3 CVE-2017-13906 119 Overflow Mem. Corr. 2021-12-23 2022-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A malicious application may be able to elevate privileges.
4 CVE-2018-25024 787 Mem. Corr. 2021-12-27 2022-01-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption.
5 CVE-2018-25025 787 Mem. Corr. 2021-12-27 2022-01-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption.
6 CVE-2018-25026 787 Mem. Corr. 2021-12-27 2022-01-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption.
7 CVE-2020-3685 415 DoS Mem. Corr. 2021-01-21 2021-01-29
7.8
None Remote Low Not required None None Complete
Pointer variable which is freed is not cleared can result in memory corruption and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
8 CVE-2020-7870 20 Mem. Corr. 2021-06-29 2021-07-02
6.5
None Remote Low ??? Partial Partial Partial
A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validation of the parameter.
9 CVE-2020-9967 119 Overflow Mem. Corr. 2021-04-02 2021-07-14
9.3
None Remote Medium Not required Complete Complete Complete
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
10 CVE-2020-11165 120 Overflow Mem. Corr. 2021-06-09 2021-06-15
7.2
None Local Low Not required Complete Complete Complete
Memory corruption due to buffer overflow while copying the message provided by HLOS into buffer without validating the length of buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
11 CVE-2020-11167 190 Mem. Corr. 2021-01-21 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
Memory corruption while calculating L2CAP packet length in reassembly logic when remote sends more data than expected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
12 CVE-2020-11176 295 Overflow Mem. Corr. 2021-06-09 2021-06-16
10.0
None Remote Low Not required Complete Complete Complete
While processing server certificate from IPSec server, certificate validation for subject alternative name API can cause heap overflow which can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile
13 CVE-2020-11187 129 Mem. Corr. 2021-02-22 2021-02-26
7.2
None Local Low Not required Complete Complete Complete
Possible memory corruption in BSI module due to improper validation of parameter count in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile
14 CVE-2020-11204 20 Mem. Corr. +Info 2021-02-22 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
15 CVE-2020-11210 20 Mem. Corr. 2021-04-07 2021-04-12
7.2
None Local Low Not required Complete Complete Complete
Possible memory corruption in RPM region due to improper XPU configuration in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
16 CVE-2020-11230 367 Mem. Corr. 2021-03-17 2021-03-18
4.4
None Local Medium Not required Partial Partial Partial
Potential arbitrary memory corruption when the qseecom driver updates ion physical addresses in the buffer as it exposes a physical address to user land in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
17 CVE-2020-11236 20 DoS Mem. Corr. 2021-04-07 2021-04-12
7.8
None Remote Low Not required None None Complete
Memory corruption due to invalid value of total dimension in the non-histogram type KPI could lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
18 CVE-2020-11240 131 Mem. Corr. 2021-06-09 2021-06-15
7.2
None Local Low Not required Complete Complete Complete
Memory corruption due to ioctl command size was incorrectly set to the size of a pointer and not enough storage is allocated for the copy of the user argument in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
19 CVE-2020-11254 476 Mem. Corr. 2021-05-07 2021-05-14
2.1
None Local Low Not required None None Partial
Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
20 CVE-2020-11256 119 Overflow Mem. Corr. 2021-06-09 2021-06-16
7.2
None Local Low Not required Complete Complete Complete
Memory corruption due to lack of check of validation of pointer to buffer passed to trustzone in Snapdragon Wired Infrastructure and Networking
21 CVE-2020-11257 119 Overflow Mem. Corr. 2021-06-09 2021-06-16
7.2
None Local Low Not required Complete Complete Complete
Memory corruption due to lack of validation of pointer arguments passed to TrustZone BSP in Snapdragon Wired Infrastructure and Networking
22 CVE-2020-11258 119 Overflow Mem. Corr. 2021-06-09 2021-06-16
7.2
None Local Low Not required Complete Complete Complete
Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and Networking
23 CVE-2020-11259 119 Overflow Mem. Corr. 2021-06-09 2021-06-16
7.2
None Local Low Not required Complete Complete Complete
Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and Networking
24 CVE-2020-11261 20 Mem. Corr. 2021-06-09 2021-06-16
7.2
None Local Low Not required Complete Complete Complete
Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
25 CVE-2020-11269 190 Mem. Corr. 2021-02-22 2021-03-08
8.3
None Local Network Low Not required Complete Complete Complete
Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
26 CVE-2020-11279 190 Mem. Corr. 2021-05-07 2021-05-12
10.0
None Remote Low Not required Complete Complete Complete
Memory corruption while processing crafted SDES packets due to improper length check in sdes packets recieved in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
27 CVE-2020-12981 20 DoS Mem. Corr. 2021-06-11 2021-12-30
7.2
None Local Low Not required Complete Complete Complete
An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service.
28 CVE-2020-13545 681 Mem. Corr. 2021-01-06 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability.
29 CVE-2020-13579 190 Exec Code Overflow Mem. Corr. 2021-02-04 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap allocation. Later when copying data from the file into this allocation, a heap-based buffer overflow will occur which can corrupt memory. These types of memory corruptions can allow for code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability.
30 CVE-2020-13586 787 Overflow Mem. Corr. 2021-02-04 2021-02-10
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
31 CVE-2020-17426 119 Exec Code Overflow Mem. Corr. 2021-02-09 2021-05-12
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CR2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11230.
32 CVE-2020-20212 476 DoS Mem. Corr. 2021-07-07 2021-07-08
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
33 CVE-2020-20215 119 DoS Overflow Mem. Corr. 2021-07-07 2021-07-08
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
34 CVE-2020-20216 476 DoS Mem. Corr. 2021-07-07 2021-07-08
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
35 CVE-2020-20218 119 DoS Overflow Mem. Corr. 2021-05-03 2022-01-01
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.
36 CVE-2020-20219 787 DoS Mem. Corr. 2021-07-21 2021-07-30
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
37 CVE-2020-20220 119 DoS Overflow Mem. Corr. 2021-05-18 2021-05-21
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
38 CVE-2020-20222 476 DoS Mem. Corr. 2021-05-18 2021-05-21
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
39 CVE-2020-20227 119 DoS Overflow Mem. Corr. 2021-05-18 2021-05-21
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
40 CVE-2020-20231 787 DoS Mem. Corr. 2021-07-14 2021-07-20
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
41 CVE-2020-20236 119 DoS Overflow Mem. Corr. 2021-05-18 2021-05-21
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
42 CVE-2020-20237 119 DoS Overflow Mem. Corr. 2021-05-18 2021-05-21
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
43 CVE-2020-20245 119 DoS Overflow Mem. Corr. 2021-05-18 2021-05-21
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
44 CVE-2020-20246 119 DoS Overflow Mem. Corr. 2021-05-18 2021-05-21
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
45 CVE-2020-20247 119 DoS Overflow Mem. Corr. 2021-05-03 2021-05-10
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.
46 CVE-2020-20249 119 DoS Overflow Mem. Corr. 2021-07-19 2021-07-28
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service.
47 CVE-2020-20250 476 DoS Mem. Corr. 2021-07-13 2021-07-15
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference.
48 CVE-2020-20252 476 DoS Mem. Corr. 2021-07-13 2021-07-15
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
49 CVE-2020-20254 476 DoS Mem. Corr. 2021-05-18 2021-06-01
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
50 CVE-2020-20265 617 DoS Mem. Corr. 2021-05-11 2022-01-01
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet.
Total number of vulnerabilities : 415   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.