Total
708 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45481 | 1 Webkitgtk | 1 Webkitgtk | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889. | |||||
| CVE-2021-45480 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 4.7 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances. | |||||
| CVE-2021-45346 | 2 Netapp, Sqlite | 2 Ontap Select Deploy Administration Utility, Sqlite | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect. | |||||
| CVE-2021-44961 | 1 Slic3r | 1 Libslic3r | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. Specially crafted stl files can exhaust available memory. An attacker can provide malicious files to trigger this vulnerability. | |||||
| CVE-2021-44542 | 1 Privoxy | 1 Privoxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A memory leak vulnerability was found in Privoxy when handling errors. | |||||
| CVE-2021-44541 | 1 Privoxy | 1 Privoxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination. | |||||
| CVE-2021-44540 | 1 Privoxy | 1 Privoxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing. | |||||
| CVE-2021-42523 | 1 Colord Project | 1 Colord | 2024-11-21 | N/A | 7.5 HIGH |
| There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it. | |||||
| CVE-2021-42522 | 1 Gnome | 1 Anjuta | 2024-11-21 | N/A | 7.5 HIGH |
| There is a Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call 'g_free()' to release the return value of 'xmlGetProp()'. | |||||
| CVE-2021-42218 | 1 Rice | 1 Open Motion Planning Library | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| OMPL v1.5.2 contains a memory leak in VFRRT.cpp | |||||
| CVE-2021-42197 | 1 Swftools | 1 Swftools | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in swftools through 20201222 through a memory leak in the swftools when swfdump is used. It allows an attacker to cause code execution. | |||||
| CVE-2021-41959 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak. | |||||
| CVE-2021-41690 | 1 Offis | 1 Dcmtk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack. | |||||
| CVE-2021-41687 | 1 Offis | 1 Dcmtk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack. | |||||
| CVE-2021-41490 | 1 Rice | 1 Open Motion Planning Library | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavior. | |||||
| CVE-2021-41229 | 2 Bluez, Debian | 2 Bluez, Debian Linux | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash. | |||||
| CVE-2021-41145 | 1 Freeswitch | 1 Freeswitch | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. FreeSWITCH prior to version 1.10.7 is susceptible to Denial of Service via SIP flooding. When flooding FreeSWITCH with SIP messages, it was observed that after a number of seconds the process was killed by the operating system due to memory exhaustion. By abusing this vulnerability, an attacker is able to crash any FreeSWITCH instance by flooding it with SIP messages, leading to Denial of Service. The attack does not require authentication and can be carried out over UDP, TCP or TLS. This issue was patched in version 1.10.7. | |||||
| CVE-2021-40633 | 1 Giflib Project | 1 Giflib | 2024-11-21 | 5.1 MEDIUM | 8.8 HIGH |
| A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file. | |||||
| CVE-2021-40114 | 2 Cisco, Snort | 4 Firepower Management Center, Firepower Threat Defense, Unified Threat Defense and 1 more | 2024-11-21 | 7.8 HIGH | 6.8 MEDIUM |
| Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper memory resource management while the Snort detection engine is processing ICMP packets. An attacker could exploit this vulnerability by sending a series of ICMP packets through an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device, causing the device to reload. | |||||
| CVE-2021-40047 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| There is a vulnerability of memory not being released after effective lifetime in the Bastet module. Successful exploitation of this vulnerability may affect integrity. | |||||