CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2021(Memory Corruption)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-25174 400 DoS Mem. Corr. 2021-01-18 2021-03-04
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).
2 CVE-2021-3185 120 Exec Code Mem. Corr. 2021-01-26 2021-02-03
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution.
3 CVE-2021-1705 Mem. Corr. 2021-01-12 2021-01-20
7.6
None Remote High Not required Complete Complete Complete
Microsoft Edge (HTML-based) Memory Corruption Vulnerability
4 CVE-2021-0342 416 Mem. Corr. 2021-01-11 2021-01-13
4.6
None Local Low Not required Partial Partial Partial
In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327.
5 CVE-2021-0310 416 Mem. Corr. 2021-01-11 2021-01-13
7.2
None Local Low Not required Complete Complete Complete
In LazyServiceRegistrar of LazyServiceRegistrar.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-170212632.
6 CVE-2020-36220 Mem. Corr. 2021-01-26 2021-07-21
4.3
None Remote Medium Not required None None Partial
An issue was discovered in the va-ts crate before 0.0.4 for Rust. Because Demuxer<T> omits a required T: Send bound, a data race and memory corruption can occur.
7 CVE-2020-36217 Mem. Corr. 2021-01-26 2021-07-21
4.3
None Remote Medium Not required None None Partial
An issue was discovered in the may_queue crate through 2020-11-10 for Rust. Because Queue does not have bounds on its Send trait or Sync trait, memory corruption can occur.
8 CVE-2020-36216 Mem. Corr. 2021-01-26 2021-07-21
4.3
None Remote Medium Not required None None Partial
An issue was discovered in Input<R> in the eventio crate before 0.5.1 for Rust. Because a non-Send type can be sent to a different thread, a data race and memory corruption can occur.
9 CVE-2020-36215 Mem. Corr. 2021-01-26 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur.
10 CVE-2020-36211 Mem. Corr. 2021-01-26 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur.
11 CVE-2020-36210 908 Mem. Corr. 2021-01-26 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption.
12 CVE-2020-36208 Mem. Corr. 2021-01-26 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption.
13 CVE-2020-36207 Mem. Corr. 2021-01-26 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec<T> does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur.
14 CVE-2020-36206 Mem. Corr. 2021-01-26 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
An issue was discovered in the rusb crate before 0.7.0 for Rust. Because of a lack of Send and Sync bounds, a data race and memory corruption can occur.
15 CVE-2020-36203 Mem. Corr. 2021-01-26 2021-07-21
1.9
None Local Medium Not required None None Partial
An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption.
16 CVE-2020-35114 787 Mem. Corr. 2021-01-07 2021-01-12
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84.
17 CVE-2020-35113 787 Mem. Corr. 2021-01-07 2021-01-12
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
18 CVE-2020-26974 787 Mem. Corr. 2021-01-07 2021-01-12
6.8
None Remote Medium Not required Partial Partial Partial
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
19 CVE-2020-13545 681 Mem. Corr. 2021-01-06 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability.
20 CVE-2020-11167 190 Mem. Corr. 2021-01-21 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
Memory corruption while calculating L2CAP packet length in reassembly logic when remote sends more data than expected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
21 CVE-2020-3685 415 DoS Mem. Corr. 2021-01-21 2021-01-29
7.8
None Remote Low Not required None None Complete
Pointer variable which is freed is not cleared can result in memory corruption and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Total number of vulnerabilities : 21   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.