CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2021(Memory Corruption)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-37576 787 Mem. Corr. 2021-07-26 2021-10-18
7.2
None Local Low Not required Complete Complete Complete
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.
2 CVE-2021-34448 787 Mem. Corr. 2021-07-16 2021-07-22
9.3
None Remote Medium Not required Complete Complete Complete
Scripting Engine Memory Corruption Vulnerability
3 CVE-2021-34306 119 Exec Code Overflow Mem. Corr. 2021-07-13 2021-07-27
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13342)
4 CVE-2021-33684 787 Mem. Corr. 2021-07-14 2021-07-27
5.0
None Remote Low Not required None None Partial
SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low.
5 CVE-2021-22555 787 +Priv Mem. Corr. 2021-07-07 2022-01-06
4.6
None Local Low Not required Partial Partial Partial
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
6 CVE-2021-21794 787 Mem. Corr. 2021-07-08 2021-07-12
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds write vulnerability exists in the TIF bits_per_sample processing functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
7 CVE-2021-21793 787 Mem. Corr. 2021-07-08 2021-07-14
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds write vulnerability exists in the JPG sof_nb_comp header processing functionality of Accusoft ImageGear 19.8 and 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
8 CVE-2021-21779 416 Mem. Corr. +Info 2021-07-08 2021-09-20
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.
9 CVE-2021-21775 416 Mem. Corr. +Info 2021-07-07 2021-09-20
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage.
10 CVE-2021-1890 119 Overflow Mem. Corr. 2021-07-13 2021-07-15
7.2
None Local Low Not required Complete Complete Complete
Improper length check of public exponent in RSA import key function could cause memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
11 CVE-2021-1888 415 Mem. Corr. 2021-07-13 2021-07-15
7.2
None Local Low Not required Complete Complete Complete
Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
12 CVE-2021-1886 787 Mem. Corr. 2021-07-13 2021-07-15
7.2
None Local Low Not required Complete Complete Complete
Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
13 CVE-2020-20252 476 DoS Mem. Corr. 2021-07-13 2021-07-15
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
14 CVE-2020-20250 476 DoS Mem. Corr. 2021-07-13 2021-07-15
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference.
15 CVE-2020-20249 119 DoS Overflow Mem. Corr. 2021-07-19 2021-07-28
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service.
16 CVE-2020-20231 787 DoS Mem. Corr. 2021-07-14 2021-07-20
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
17 CVE-2020-20219 787 DoS Mem. Corr. 2021-07-21 2021-07-30
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
18 CVE-2020-20216 476 DoS Mem. Corr. 2021-07-07 2021-07-08
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
19 CVE-2020-20215 119 DoS Overflow Mem. Corr. 2021-07-07 2021-07-08
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
20 CVE-2020-20212 476 DoS Mem. Corr. 2021-07-07 2021-07-08
4.0
None Remote Low ??? None None Partial
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
Total number of vulnerabilities : 20   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.