Total
708 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3905 | 4 Canonical, Fedoraproject, Openvswitch and 1 more | 4 Ubuntu Linux, Fedora, Openvswitch and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments. | |||||
| CVE-2021-3764 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
| A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-3744 | 5 Debian, Fedoraproject, Linux and 2 more | 24 Debian Linux, Fedora, Linux Kernel and 21 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808. | |||||
| CVE-2021-3736 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
| A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information. | |||||
| CVE-2021-3690 | 1 Redhat | 8 Enterprise Linux, Fuse, Integration Camel K and 5 more | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability. | |||||
| CVE-2021-3574 | 2 Fedoraproject, Imagemagick | 2 Fedora, Imagemagick | 2024-11-21 | N/A | 3.3 LOW |
| A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. | |||||
| CVE-2021-3544 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
| Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime. | |||||
| CVE-2021-3492 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562. | |||||
| CVE-2021-3181 | 3 Debian, Fedoraproject, Mutt | 3 Debian Linux, Fedora, Mutt | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons. | |||||
| CVE-2021-39282 | 1 Live555 | 1 Live555 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files. | |||||
| CVE-2021-39176 | 1 Detect-character-encoding Project | 1 Detect-character-encoding | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| detect-character-encoding is a package for detecting character encoding using ICU. In detect-character-encoding v0.3.0 and earlier, allocated memory is not released. The problem has been patched in detect-character-encoding v0.3.1. | |||||
| CVE-2021-37205 | 1 Siemens | 95 Simatic Drive Controller Cpu 1504d Tf, Simatic Drive Controller Cpu 1504d Tf Firmware, Simatic Drive Controller Cpu 1507d Tf and 92 more | 2024-11-21 | 7.1 HIGH | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations. | |||||
| CVE-2021-37046 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| There is a Memory leak vulnerability with the codec detection module in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion. | |||||
| CVE-2021-36993 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Memory leaks vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. | |||||
| CVE-2021-35078 | 1 Qualcomm | 214 Aqt1000, Aqt1000 Firmware, Ar8035 and 211 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Possible memory leak due to improper validation of certificate chain length while parsing server certificate chain in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2021-34792 | 1 Cisco | 18 Adaptive Security Appliance Software, Asa 5505, Asa 5505 Firmware and 15 more | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the memory management of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management when connection rates are high. An attacker could exploit this vulnerability by opening a significant number of connections on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | |||||
| CVE-2021-34740 | 1 Cisco | 71 1100-4g\/6g Integrated Services Router, 1100-4p Integrated Services Router, 1100-8p Integrated Services Router and 68 more | 2024-11-21 | 6.1 MEDIUM | 7.4 HIGH |
| A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device. | |||||
| CVE-2021-34698 | 1 Cisco | 8 Asyncos, Web Security Appliance S170, Web Security Appliance S190 and 5 more | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management in the proxy service of an affected device. An attacker could exploit this vulnerability by establishing a large number of HTTPS connections to the affected device. A successful exploit could allow the attacker to cause the system to stop processing new connections, which could result in a DoS condition. Note: Manual intervention may be required to recover from this situation. | |||||
| CVE-2021-34598 | 1 Phoenixcontact | 4 Fl Mguard 1102, Fl Mguard 1102 Firmware, Fl Mguard 1105 and 1 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active | |||||
| CVE-2021-34431 | 1 Eclipse | 1 Mosquitto | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker. | |||||