CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2021(Memory Corruption)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-30499 119 Overflow Mem. Corr. 2021-05-27 2021-06-04
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other potential consequences.
2 CVE-2021-30498 119 Overflow Mem. Corr. 2021-05-26 2021-06-01
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences.
3 CVE-2021-29571 787 Exec Code Mem. Corr. 2021-05-14 2021-07-26
4.6
None Local Low Not required Partial Partial Partial
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The implementation(https://github.com/tensorflow/tensorflow/blob/31bd5026304677faa8a0b77602c6154171b9aec1/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L116-L130) assumes that the last element of `boxes` input is 4, as required by [the op](https://www.tensorflow.org/api_docs/python/tf/raw_ops/DrawBoundingBoxesV2). Since this is not checked attackers passing values less than 4 can write outside of bounds of heap allocated objects and cause memory corruption. If the last dimension in `boxes` is less than 4, accesses similar to `tboxes(b, bb, 3)` will access data outside of bounds. Further during code execution there are also writes to these indices. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
4 CVE-2021-28664 269 DoS Mem. Corr. 2021-05-10 2021-06-17
9.0
None Remote Low ??? Complete Complete Complete
The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r8p0 through r30p0.
5 CVE-2021-27397 119 Exec Code Overflow Mem. Corr. 2021-05-12 2021-05-19
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13287)
6 CVE-2021-26419 119 Overflow Mem. Corr. 2021-05-11 2021-05-17
7.6
None Remote High Not required Complete Complete Complete
Scripting Engine Memory Corruption Vulnerability
7 CVE-2021-20204 416 Exec Code Mem. Corr. 2021-05-06 2021-11-29
7.5
None Remote Low Not required Partial Partial Partial
A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker.
8 CVE-2021-3561 119 Overflow Mem. Corr. 2021-05-26 2021-10-04
5.8
None Remote Medium Not required None Partial Partial
An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.
9 CVE-2021-3549 119 Overflow Mem. Corr. 2021-05-26 2021-06-04
5.8
None Remote Medium Not required None Partial Partial
An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.
10 CVE-2020-35198 190 Overflow Mem. Corr. 2021-05-12 2021-06-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
11 CVE-2020-27815 787 Mem. Corr. 2021-05-26 2021-12-10
6.1
None Local Low Not required Partial Partial Complete
A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
12 CVE-2020-22034 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences.
13 CVE-2020-22032 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences.
14 CVE-2020-22031 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences.
15 CVE-2020-22030 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.
16 CVE-2020-22029 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.
17 CVE-2020-22027 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences.
18 CVE-2020-22025 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences.
19 CVE-2020-22023 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences.
20 CVE-2020-22022 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences.
21 CVE-2020-22017 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruption and other potential consequences.
22 CVE-2020-22016 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences.
23 CVE-2020-20267 119 DoS Overflow Mem. Corr. 2021-05-11 2021-05-19
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
24 CVE-2020-20266 476 DoS Mem. Corr. 2021-05-19 2021-05-25
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
25 CVE-2020-20265 617 DoS Mem. Corr. 2021-05-11 2022-01-01
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet.
26 CVE-2020-20254 476 DoS Mem. Corr. 2021-05-18 2021-06-01
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
27 CVE-2020-20247 119 DoS Overflow Mem. Corr. 2021-05-03 2021-05-10
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.
28 CVE-2020-20246 119 DoS Overflow Mem. Corr. 2021-05-18 2021-05-21
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
29 CVE-2020-20245 119 DoS Overflow Mem. Corr. 2021-05-18 2021-05-21
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
30 CVE-2020-20237 119 DoS Overflow Mem. Corr. 2021-05-18 2021-05-21
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
31 CVE-2020-20236 119 DoS Overflow Mem. Corr. 2021-05-18 2021-05-21
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
32 CVE-2020-20227 119 DoS Overflow Mem. Corr. 2021-05-18 2021-05-21
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
33 CVE-2020-20222 476 DoS Mem. Corr. 2021-05-18 2021-05-21
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
34 CVE-2020-20220 119 DoS Overflow Mem. Corr. 2021-05-18 2021-05-21
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
35 CVE-2020-20218 119 DoS Overflow Mem. Corr. 2021-05-03 2022-01-01
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.
36 CVE-2020-11279 190 Mem. Corr. 2021-05-07 2021-05-12
10.0
None Remote Low Not required Complete Complete Complete
Memory corruption while processing crafted SDES packets due to improper length check in sdes packets recieved in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
37 CVE-2020-11254 476 Mem. Corr. 2021-05-07 2021-05-14
2.1
None Local Low Not required None None Partial
Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
Total number of vulnerabilities : 37   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.