CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2021(Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-34557 Overflow Bypass 2021-06-10 2021-06-11
0.0
None ??? ??? ??? ??? ??? ???
XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.
2 CVE-2021-33833 Overflow 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA).
3 CVE-2021-32625 680 Exec Code Overflow 2021-06-02 2021-06-11
0.0
None ??? ??? ??? ??? ??? ???
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer (on 32-bit systems ONLY) can be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix for CVE-2021-29477 which only addresses the problem on 64-bit systems but fails to do that for 32-bit. 64-bit systems are not affected. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the `redis-server` executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command.
4 CVE-2021-32489 190 Overflow 2021-05-10 2021-05-19
3.5
None Remote Medium ??? None None Partial
An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because response_msg.st.len=8 can be accepted but triggers an integer overflow, which causes CRYPTO_cbc128_decrypt (in OpenSSL) to encounter an undersized buffer and experience a segmentation fault. The yubihsm-shell project is included in the YubiHSM 2 SDK product.
5 CVE-2021-32458 787 Exec Code Overflow 2021-05-27 2021-06-07
7.2
None Local Low Not required Complete Complete Complete
Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl which could lead to code execution on affected devices. An attacker must first obtain the ability to execute low-privileged code on the target device in order to exploit this vulnerability.
6 CVE-2021-32457 269 Exec Code Overflow 2021-05-26 2021-06-03
4.6
None Local Low Not required Partial Partial Partial
Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl to escalate privileges on affected devices. An attacker must first obtain the ability to execute low-privileged code on the target device in order to exploit this vulnerability.
7 CVE-2021-32238 787 DoS Exec Code Overflow 2021-05-18 2021-05-25
9.3
None Remote Medium Not required Complete Complete Complete
Epic Games / Psyonix Rocket League <=1.95 is affected by Buffer Overflow. Stack-based buffer overflow occurs when Rocket League handles UPK object files that can result in code execution and denial of service scenario.
8 CVE-2021-32027 119 Overflow 2021-06-01 2021-06-10
6.5
None Remote Low ??? Partial Partial Partial
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
9 CVE-2021-32020 119 Overflow 2021-05-03 2021-05-12
7.5
None Remote Low Not required Partial Partial Partial
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory.
10 CVE-2021-31875 787 Overflow 2021-04-29 2021-05-10
7.5
None Remote Low Not required Partial Partial Partial
In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow.
11 CVE-2021-31873 190 Overflow 2021-04-30 2021-05-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow.
12 CVE-2021-31872 Overflow 2021-04-30 2021-04-30
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact.
13 CVE-2021-31871 Overflow 2021-04-30 2021-04-30
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.
14 CVE-2021-31870 Overflow 2021-04-30 2021-04-30
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow.
15 CVE-2021-31837 787 Exec Code Overflow Mem. Corr. 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Memory corruption vulnerability in the driver file component in McAfee GetSusp prior to 4.0.0 could allow a program being investigated on the local machine to trigger a buffer overflow in GetSusp, leading to the execution of arbitrary code, potentially triggering a BSOD.
16 CVE-2021-31807 DoS Overflow 2021-06-08 2021-06-11
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.
17 CVE-2021-31802 Exec Code Overflow 2021-04-26 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a \n before the Content-Length header.
18 CVE-2021-31758 787 Exec Code Overflow 2021-05-07 2021-05-10
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.
19 CVE-2021-31757 787 Exec Code Overflow 2021-05-07 2021-05-10
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
20 CVE-2021-31756 787 Exec Code Overflow 2021-05-07 2021-05-10
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copied to the stack variable.
21 CVE-2021-31755 787 Exec Code Overflow 2021-05-07 2021-05-10
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
22 CVE-2021-31642 190 DoS Overflow 2021-06-01 2021-06-08
6.8
None Remote Low ??? None None Complete
A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. The vulnerability can be explored by sending an unexpected integer (> 32 bits) on the page parameter that will crash the web portal and making it unavailable until a reboot of the device.
23 CVE-2021-31616 120 Exec Code Overflow 2021-05-06 2021-05-17
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is reachable remotely over WebUSB.
24 CVE-2021-31598 91 Overflow 2021-04-24 2021-05-14
5.0
None Remote Low Not required None None Partial
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.
25 CVE-2021-31572 190 Overflow 2021-04-22 2021-06-02
7.5
None Remote Low Not required Partial Partial Partial
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer.
26 CVE-2021-31571 190 Overflow 2021-04-22 2021-06-02
7.5
None Remote Low Not required Partial Partial Partial
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation.
27 CVE-2021-31472 119 Exec Code Overflow 2021-05-07 2021-05-19
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13011.
28 CVE-2021-31454 122 Exec Code Overflow 2021-05-07 2021-05-11
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Decimal element. A crafted leadDigits value in a Decimal element can trigger an overflow of a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Was ZDI-CAN-13095.
29 CVE-2021-31426 190 Exec Code Overflow 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel on the target guest system. Was ZDI-CAN-12791.
30 CVE-2021-31425 190 Exec Code Overflow 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel on the target guest system. Was ZDI-CAN-12790.
31 CVE-2021-31323 787 Overflow 2021-05-18 2021-05-25
4.3
None Remote Medium Not required Partial None None
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LottieParserImpl::parseDashProperty function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker.
32 CVE-2021-31322 787 Overflow 2021-05-18 2021-05-25
4.3
None Remote Medium Not required Partial None None
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker.
33 CVE-2021-31321 787 Overflow 2021-05-18 2021-05-25
5.8
None Remote Medium Not required None Partial Partial
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the gray_split_cubic function of their custom fork of the rlottie library. A remote attacker might be able to overwrite Telegram's stack memory out-of-bounds on a victim device via a malicious animated sticker.
34 CVE-2021-31320 787 Overflow 2021-05-18 2021-05-25
5.8
None Remote Medium Not required None Partial Partial
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the VGradientCache::generateGradientColorTable function of their custom fork of the rlottie library. A remote attacker might be able to overwrite heap memory out-of-bounds on a victim device via a malicious animated sticker.
35 CVE-2021-31319 190 Overflow 2021-05-18 2021-05-25
4.3
None Remote Medium Not required Partial None None
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by an Integer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker.
36 CVE-2021-31315 787 Overflow 2021-05-18 2021-05-25
4.3
None Remote Medium Not required Partial None None
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the blit function of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's stack memory out-of-bounds on a victim device via a malicious animated sticker.
37 CVE-2021-31261 119 Overflow 2021-04-19 2021-04-21
4.3
None Remote Medium Not required Partial None None
The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command.
38 CVE-2021-31256 119 Overflow 2021-04-19 2021-04-21
4.3
None Remote Medium Not required Partial None None
Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
39 CVE-2021-31255 120 DoS Exec Code Overflow 2021-04-19 2021-04-21
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
40 CVE-2021-31254 787 DoS Exec Code Overflow 2021-04-19 2021-04-22
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes.
41 CVE-2021-30530 119 Overflow 2021-06-07 2021-06-09
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
42 CVE-2021-30521 787 Overflow 2021-06-07 2021-06-09
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
43 CVE-2021-30518 787 Overflow 2021-06-04 2021-06-08
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
44 CVE-2021-30516 787 Overflow 2021-06-04 2021-06-09
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in History in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
45 CVE-2021-30508 787 Overflow 2021-06-04 2021-06-09
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption via a crafted HTML page.
46 CVE-2021-30499 119 Overflow Mem. Corr. 2021-05-27 2021-06-04
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other potential consequences.
47 CVE-2021-30498 119 Overflow Mem. Corr. 2021-05-26 2021-06-01
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences.
48 CVE-2021-30481 120 Exec Code Overflow 2021-04-10 2021-04-21
6.0
None Remote Medium ??? Partial Partial Partial
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
49 CVE-2021-30475 120 Overflow 2021-06-04 2021-06-11
7.5
None Remote Low Not required Partial Partial Partial
aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.
50 CVE-2021-30472 119 Overflow 2021-05-26 2021-06-08
6.8
None Remote Medium Not required Partial Partial Partial
A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.
Total number of vulnerabilities : 723   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.