CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2021 (Memory Corruption)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
201 CVE-2021-29571 787 Exec Code Mem. Corr. 2021-05-14 2021-07-26
4.6
None Local Low Not required Partial Partial Partial
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The [implementation](https://github.com/tensorflow/tensorflow/blob/31bd5026304677faa8a0b77602c6154171b9aec1/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L116-L130) assumes that the last element of `boxes` input is 4, as required by [the op](https://www.tensorflow.org/api_docs/python/tf/raw_ops/DrawBoundingBoxesV2). Since this is not checked attackers passing values less than 4 can write outside of bounds of heap allocated objects and cause memory corruption. If the last dimension in `boxes` is less than 4, accesses similar to `tboxes(b, bb, 3)` will access data outside of bounds. Further during code execution there are also writes to these indices. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
202 CVE-2021-28702 269 Mem. Corr. 2021-10-06 2021-12-16
4.6
None Local Low Not required Partial Partial Partial
PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption.
203 CVE-2021-28664 269 DoS Mem. Corr. 2021-05-10 2021-06-17
9.0
None Remote Low ??? Complete Complete Complete
The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r8p0 through r30p0.
204 CVE-2021-28605 788 Exec Code Mem. Corr. 2021-08-24 2021-08-31
9.3
None Remote Medium Not required Complete Complete Complete
Adobe After Effects version 18.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
205 CVE-2021-28602 788 Exec Code Mem. Corr. 2021-08-24 2021-08-31
6.8
None Remote Medium Not required Partial Partial Partial
Adobe After Effects version 18.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
206 CVE-2021-28561 788 Exec Code Mem. Corr. 2021-09-02 2021-09-15
6.8
None Remote Medium Not required Partial Partial Partial
Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
207 CVE-2021-28452 119 Overflow Mem. Corr. 2021-04-13 2021-04-19
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Outlook Memory Corruption Vulnerability
208 CVE-2021-28362 191 Mem. Corr. 2021-03-24 2021-03-26
5.0
None Remote Low Not required None None Partial
An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to remove the RPL extension headers. Because the packet length and the extension header length are unchecked (with respect to the available data) at this stage, and these variables are susceptible to integer underflow, it is possible to construct an invalid extension header that will cause memory corruption issues and lead to a Denial-of-Service condition. This is related to rpl-ext-header.c.
209 CVE-2021-28136 787 Mem. Corr. 2021-09-07 2021-09-09
3.3
None Local Network Low Not required None None Partial
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet.
210 CVE-2021-28037 Mem. Corr. 2021-03-05 2021-03-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can cause memory corruption because of the unconditional implementation of Sync for Intern<T>.
211 CVE-2021-27804 787 Mem. Corr. 2021-03-02 2021-06-21
7.5
None Remote Low Not required Partial Partial Partial
JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption.
212 CVE-2021-27627 20 Mem. Corr. 2021-06-09 2021-11-04
4.3
None Remote Medium Not required None None Partial
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method ChartInterpreter::DoIt() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
213 CVE-2021-27626 20 Mem. Corr. 2021-06-09 2021-11-04
4.3
None Remote Medium Not required None None Partial
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CMiniXMLParser::Parse() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
214 CVE-2021-27625 20 Mem. Corr. 2021-06-09 2021-11-04
4.3
None Remote Medium Not required None None Partial
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method IgsData::freeMemory() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
215 CVE-2021-27624 20 Mem. Corr. 2021-06-09 2021-11-04
4.3
None Remote Medium Not required None None Partial
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CiXMLIStreamRawBuffer::readRaw () which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
216 CVE-2021-27623 20 Mem. Corr. 2021-06-09 2021-06-14
4.3
None Remote Medium Not required None None Partial
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CXmlUtility::CheckLength() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
217 CVE-2021-27622 20 Mem. Corr. 2021-06-09 2021-11-04
4.3
None Remote Medium Not required None None Partial
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CDrawRaster::LoadImageFromMemory() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
218 CVE-2021-27620 20 Mem. Corr. 2021-06-09 2021-11-04
4.3
None Remote Medium Not required None None Partial
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method Ups::AddPart() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
219 CVE-2021-27397 119 Exec Code Overflow Mem. Corr. 2021-05-12 2021-05-19
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13287)
220 CVE-2021-27271 119 Exec Code Overflow Mem. Corr. 2021-03-30 2021-04-01
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12438.
221 CVE-2021-27242 119 Exec Code Overflow Mem. Corr. 2021-03-29 2021-04-01
4.6
None Local Low Not required Partial Partial Partial
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11926.
222 CVE-2021-27219 681 Overflow Mem. Corr. 2021-02-15 2021-07-07
5.0
None Remote Low Not required None None Partial
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
223 CVE-2021-27046 787 Exec Code Mem. Corr. 2021-09-15 2021-09-28
4.4
None Local Medium Not required Partial Partial Partial
A Memory Corruption vulnerability for PDF files in Autodesk Navisworks 2019, 2020, 2021, 2022 may lead to code execution through maliciously crafted DLL files.
224 CVE-2021-27028 787 Exec Code Mem. Corr. 2021-04-19 2021-09-16
6.8
None Remote Medium Not required Partial Partial Partial
A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to remote code execution through maliciously crafted DLL files.
225 CVE-2021-26435 787 Mem. Corr. 2021-09-15 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
Windows Scripting Engine Memory Corruption Vulnerability
226 CVE-2021-26419 119 Overflow Mem. Corr. 2021-05-11 2021-05-17
7.6
None Remote High Not required Complete Complete Complete
Scripting Engine Memory Corruption Vulnerability
227 CVE-2021-26411 119 Overflow Mem. Corr. 2021-03-11 2021-03-18
5.1
None Remote High Not required Partial Partial Partial
Internet Explorer Memory Corruption Vulnerability
228 CVE-2021-25491 476 Mem. Corr. 2021-10-06 2021-10-13
2.1
None Local Low Not required None None Partial
A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference.
229 CVE-2021-25462 476 Mem. Corr. 2021-09-09 2021-09-23
2.1
None Local Low Not required None None Partial
NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
230 CVE-2021-25458 476 Mem. Corr. 2021-09-09 2021-09-23
2.1
None Local Low Not required None None Partial
NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
231 CVE-2021-25370 Mem. Corr. 2021-03-26 2021-03-31
4.9
None Local Low Not required None None Complete
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.
232 CVE-2021-25174 400 DoS Mem. Corr. 2021-01-18 2021-03-04
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).
233 CVE-2021-23994 909 Mem. Corr. 2021-06-24 2021-07-02
6.8
None Remote Medium Not required Partial Partial Partial
A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
234 CVE-2021-23988 119 Overflow Mem. Corr. 2021-03-31 2021-08-06
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 87.
235 CVE-2021-23987 119 Overflow Mem. Corr. 2021-03-31 2021-08-06
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
236 CVE-2021-23983 119 Overflow Mem. Corr. 2021-03-31 2021-08-06
4.3
None Remote Medium Not required None None Partial
By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 87.
237 CVE-2021-23981 119 Overflow Mem. Corr. +Info 2021-03-31 2021-08-06
5.8
None Remote Medium Not required Partial None Partial
A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
238 CVE-2021-23979 119 Overflow Mem. Corr. 2021-02-26 2021-03-04
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86.
239 CVE-2021-23978 Mem. Corr. 2021-02-26 2021-05-01
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
240 CVE-2021-23965 119 Overflow Mem. Corr. 2021-02-26 2021-03-04
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85.
241 CVE-2021-23964 119 Overflow Mem. Corr. 2021-02-26 2021-03-04
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
242 CVE-2021-23954 843 Mem. Corr. 2021-02-26 2021-03-03
6.8
None Remote Medium Not required Partial Partial Partial
Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
243 CVE-2021-22940 416 Mem. Corr. 2021-08-16 2021-12-07
5.0
None Remote Low Not required None Partial None
Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
244 CVE-2021-22930 416 Mem. Corr. 2021-10-07 2021-12-03
7.5
None Remote Low Not required Partial Partial Partial
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
245 CVE-2021-22678 20 Exec Code Mem. Corr. 2021-04-23 2021-04-30
6.8
None Remote Medium Not required Partial Partial Partial
Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to execute code in the context of the current process.
246 CVE-2021-22555 787 +Priv Mem. Corr. 2021-07-07 2022-01-06
4.6
None Local Low Not required Partial Partial Partial
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space.
247 CVE-2021-21871 787 Mem. Corr. 2021-06-29 2021-07-02
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. A specially crafted DMG file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. The vendor fixed it in a bug-release of the current version.
248 CVE-2021-21862 190 Overflow Mem. Corr. 2021-08-18 2021-08-26
6.8
None Remote Medium Not required Partial Partial Partial
Multiple exploitable integer truncation vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The implementation of the parser used for the “Xtra” FOURCC code is handled. An attacker can convince a user to open a video to trigger this vulnerability.
249 CVE-2021-21861 681 Overflow Mem. Corr. 2021-08-16 2021-10-18
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
250 CVE-2021-21860 681 Overflow Mem. Corr. 2021-08-16 2021-10-18
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The FOURCC code, 'trik', is parsed by the function within the library. An attacker can convince a user to open a video to trigger this vulnerability.
Total number of vulnerabilities: 415. Page 5 of 9.