CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2021(Memory Corruption)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2021-38498 416 Mem. Corr. 2021-11-03 2021-11-04
5.0
None Remote Low Not required None None Partial
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
102 CVE-2021-38496 416 Mem. Corr. 2021-11-03 2022-01-04
6.8
None Remote Medium Not required Partial Partial Partial
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
103 CVE-2021-38495 119 Overflow Mem. Corr. 2021-11-03 2021-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.
104 CVE-2021-38494 Mem. Corr. 2021-11-03 2021-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 92.
105 CVE-2021-38493 119 Overflow Mem. Corr. 2021-11-03 2021-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.
106 CVE-2021-38436 119 Exec Code Overflow Mem. Corr. 2021-10-18 2021-10-21
6.8
None Remote Medium Not required Partial Partial Partial
FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a memory-corruption condition. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
107 CVE-2021-37576 787 Mem. Corr. 2021-07-26 2021-10-18
7.2
None Local Low Not required Complete Complete Complete
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.
108 CVE-2021-37222 DoS Exec Code Mem. Corr. 2021-08-12 2021-08-20
7.5
None Remote Low Not required Partial Partial Partial
Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via specially crafted packets.
109 CVE-2021-36078 119 Exec Code Overflow Mem. Corr. 2021-09-01 2021-09-09
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
110 CVE-2021-36077 119 DoS Overflow Mem. Corr. 2021-09-01 2021-09-09
4.3
None Remote Medium Not required None None Partial
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in local application denial of service in the context of the current user. User interaction is required to exploit this vulnerability.
111 CVE-2021-36076 119 Exec Code Overflow Mem. Corr. 2021-09-01 2021-09-09
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
112 CVE-2021-36069 119 Exec Code Overflow Mem. Corr. 2021-09-01 2021-09-09
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
113 CVE-2021-36068 119 Exec Code Overflow Mem. Corr. 2021-09-01 2021-09-09
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
114 CVE-2021-36067 119 Exec Code Overflow Mem. Corr. 2021-09-01 2021-09-09
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
115 CVE-2021-36059 119 Exec Code Overflow Mem. Corr. 2021-09-01 2021-09-08
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
116 CVE-2021-36052 788 Exec Code Mem. Corr. 2021-09-01 2021-10-27
6.8
None Remote Medium Not required Partial Partial Partial
XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
117 CVE-2021-36049 788 Exec Code Mem. Corr. 2021-09-01 2021-09-08
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
118 CVE-2021-36046 788 Exec Code Mem. Corr. 2021-09-01 2021-10-27
9.3
None Remote Medium Not required Complete Complete Complete
XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
119 CVE-2021-36017 119 Exec Code Overflow Mem. Corr. 2021-09-02 2021-09-08
9.3
None Remote Medium Not required Complete Complete Complete
Adobe After Effects version 18.2.1 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
120 CVE-2021-36015 788 Exec Code Mem. Corr. 2021-08-20 2021-08-25
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Media Encoder version 15.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
121 CVE-2021-36009 119 Exec Code Overflow Mem. Corr. 2021-08-20 2021-11-06
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Illustrator version 25.2.3 (and earlier) is affected by an memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
122 CVE-2021-36000 788 Exec Code Mem. Corr. 2021-08-20 2021-08-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Character Animator version 4.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
123 CVE-2021-35999 788 Exec Code Mem. Corr. 2021-08-20 2021-08-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Prelude version 10.0 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
124 CVE-2021-35997 788 Exec Code Mem. Corr. 2021-08-20 2021-08-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Premiere Pro version 15.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
125 CVE-2021-35996 788 Exec Code Mem. Corr. 2021-09-02 2021-09-08
9.3
None Remote Medium Not required Complete Complete Complete
Adobe After Effects version 18.2.1 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
126 CVE-2021-35394 Mem. Corr. 2021-08-16 2021-08-26
10.0
None Remote Low Not required Complete Complete Complete
Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.
127 CVE-2021-34859 119 Exec Code Overflow Mem. Corr. 2021-10-25 2021-10-27
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13697.
128 CVE-2021-34856 119 Exec Code Overflow Mem. Corr. 2021-10-25 2021-10-27
4.6
None Local Low Not required Partial Partial Partial
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the virtio-gpu virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13581.
129 CVE-2021-34758 732 DoS Mem. Corr. 2021-10-06 2021-10-14
2.1
None Local Low Not required None None Partial
A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot.
130 CVE-2021-34480 787 Mem. Corr. 2021-08-12 2021-09-16
6.8
None Remote Medium Not required Partial Partial Partial
Scripting Engine Memory Corruption Vulnerability
131 CVE-2021-34448 787 Mem. Corr. 2021-07-16 2021-07-22
9.3
None Remote Medium Not required Complete Complete Complete
Scripting Engine Memory Corruption Vulnerability
132 CVE-2021-34384 787 DoS Exec Code Overflow Mem. Corr. 2021-06-30 2021-07-06
4.6
None Local Low Not required Partial Partial Partial
Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow could cause memory corruption, which might lead to denial of service or code execution.
133 CVE-2021-34379 119 Overflow Mem. Corr. 2021-06-30 2021-07-06
4.6
None Local Low Not required Partial Partial Partial
Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 10 is missing. The length of an I/O buffer parameter is not checked, which might lead to memory corruption.
134 CVE-2021-34374 20 DoS Mem. Corr. 2021-06-30 2021-07-06
4.6
None Local Low Not required Partial Partial Partial
Trusty contains a vulnerability in command handlers where the length of input buffers is not verified. This vulnerability can cause memory corruption, which may lead to information disclosure, escalation of privileges, and denial of service.
135 CVE-2021-34306 119 Exec Code Overflow Mem. Corr. 2021-07-13 2021-07-27
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13342)
136 CVE-2021-33684 787 Mem. Corr. 2021-07-14 2021-07-27
5.0
None Remote Low Not required None None Partial
SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low.
137 CVE-2021-33004 119 Exec Code Overflow Mem. Corr. 2021-06-24 2021-07-01
6.8
None Remote Medium Not required Partial Partial Partial
The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
138 CVE-2021-32944 416 Exec Code Mem. Corr. 2021-06-17 2021-09-21
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process.
139 CVE-2021-32626 787 Exec Code Overflow Mem. Corr. 2021-10-04 2021-11-28
6.5
None Remote Low ??? Partial Partial Partial
Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
140 CVE-2021-31959 Mem. Corr. 2021-06-08 2021-06-14
6.8
None Remote Medium Not required Partial Partial Partial
Scripting Engine Memory Corruption Vulnerability
141 CVE-2021-31837 787 Exec Code Overflow Mem. Corr. 2021-06-09 2021-06-16
6.1
None Local Low Not required Partial Partial Complete
Memory corruption vulnerability in the driver file component in McAfee GetSusp prior to 4.0.0 could allow a program being investigated on the local machine to trigger a buffer overflow in GetSusp, leading to the execution of arbitrary code, potentially triggering a BSOD.
142 CVE-2021-31495 119 Exec Code Overflow Mem. Corr. 2021-06-15 2021-06-21
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13307.
143 CVE-2021-31493 119 Exec Code Overflow Mem. Corr. 2021-06-15 2021-06-21
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13304.
144 CVE-2021-30949 787 Exec Code Mem. Corr. 2021-08-24 2021-12-29
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to execute arbitrary code with kernel privileges.
145 CVE-2021-30942 787 Exec Code Mem. Corr. 2021-08-24 2022-01-13
6.8
None Remote Medium Not required Partial Partial Partial
Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing a maliciously crafted image may lead to arbitrary code execution.
146 CVE-2021-30937 787 Exec Code Mem. Corr. 2021-08-24 2022-01-06
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to execute arbitrary code with kernel privileges.
147 CVE-2021-30926 787 Exec Code Mem. Corr. 2021-08-24 2021-12-28
6.8
None Remote Medium Not required Partial Partial Partial
Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Processing a maliciously crafted image may lead to arbitrary code execution.
148 CVE-2021-30917 20 Exec Code Mem. Corr. 2021-08-24 2021-11-29
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted image may lead to arbitrary code execution.
149 CVE-2021-30916 787 Exec Code Mem. Corr. 2021-08-24 2021-12-17
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.
150 CVE-2021-30914 787 Exec Code Mem. Corr. 2021-08-24 2021-11-01
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1. An application may be able to execute arbitrary code with kernel privileges.
Total number of vulnerabilities : 415   Page : 1 2 3 (This Page)4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.