CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-119

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-42721 119 Exec Code Overflow Mem. Corr. 2021-11-16 2021-11-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
2 CVE-2021-42267 119 Exec Code Overflow Mem. Corr. 2021-11-18 2021-11-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Animate version 21.0.9 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious FLA file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
3 CVE-2021-41771 119 Overflow 2021-11-08 2021-11-26
5.0
None Remote Low Not required None None Partial
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
4 CVE-2021-41289 119 Overflow 2021-11-15 2021-11-18
3.6
None Local Low Not required None Partial Partial
ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user’s permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffer, which causing a failure of integrity verification and further resulting in a failure to boot.
5 CVE-2021-41121 119 Overflow Mem. Corr. 2021-10-06 2021-10-15
6.5
None Remote Low ??? Partial Partial Partial
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the the top of the stack. This issue has been resolved in version 0.3.0.
6 CVE-2021-40755 119 Exec Code Overflow Mem. Corr. 2021-11-18 2021-11-19
9.3
None Remote Medium Not required Complete Complete Complete
Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SGI file in the DoReadContinue function, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7 CVE-2021-40142 119 DoS Overflow 2021-08-27 2021-09-01
5.0
None Remote Low Not required None None Partial
In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.
8 CVE-2021-39817 119 Exec Code Overflow Mem. Corr. 2021-09-01 2021-09-08
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
9 CVE-2021-39816 119 Exec Code Overflow Mem. Corr. 2021-09-01 2021-09-08
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
10 CVE-2021-39262 119 Overflow 2021-09-07 2021-11-17
6.9
None Local Medium Not required Complete Complete Complete
A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.
11 CVE-2021-39260 119 Overflow 2021-09-07 2021-11-17
6.9
None Local Medium Not required Complete Complete Complete
A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.
12 CVE-2021-39259 119 Overflow 2021-09-07 2021-11-17
6.9
None Local Medium Not required Complete Complete Complete
A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22.
13 CVE-2021-38568 119 Overflow Mem. Corr. 2021-08-11 2021-08-12
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows memory corruption during conversion of a PDF document to a different document format.
14 CVE-2021-38495 119 Overflow Mem. Corr. 2021-11-03 2021-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.
15 CVE-2021-38493 119 Overflow Mem. Corr. 2021-11-03 2021-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.
16 CVE-2021-38473 119 Overflow 2021-10-22 2021-10-27
6.5
None Remote Low ??? Partial Partial Partial
The affected product’s code base doesn’t properly control arguments for specific functions, which could lead to a stack overflow.
17 CVE-2021-38442 119 Exec Code Overflow 2021-10-18 2021-10-21
6.8
None Remote Medium Not required Partial Partial Partial
FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a heap-corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process.
18 CVE-2021-38436 119 Exec Code Overflow Mem. Corr. 2021-10-18 2021-10-21
6.8
None Remote Medium Not required Partial Partial Partial
FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a memory-corruption condition. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
19 CVE-2021-38201 119 DoS Overflow 2021-08-08 2021-10-07
5.0
None Remote Low Not required None None Partial
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.
20 CVE-2021-38190 119 Overflow 2021-08-08 2021-08-16
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the nalgebra crate before 0.27.1 for Rust. It allows out-of-bounds memory access because it does not ensure that the number of elements is equal to the product of the row count and column count.
21 CVE-2021-37002 119 Exec Code Overflow 2021-10-28 2021-11-01
7.5
None Remote Low Not required Partial Partial Partial
There is a Memory out-of-bounds access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause malicious code to be executed.
22 CVE-2021-36993 119 Overflow 2021-10-28 2021-11-01
5.0
None Remote Low Not required None None Partial
There is a Memory leaks vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability.
23 CVE-2021-36754 119 Overflow 2021-07-30 2021-08-07
5.0
None Remote Low Not required None None Partial
PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception.
24 CVE-2021-36078 119 Exec Code Overflow Mem. Corr. 2021-09-01 2021-09-09
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
25 CVE-2021-36077 119 DoS Overflow Mem. Corr. 2021-09-01 2021-09-09
4.3
None Remote Medium Not required None None Partial
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in local application denial of service in the context of the current user. User interaction is required to exploit this vulnerability.
26 CVE-2021-36076 119 Exec Code Overflow Mem. Corr. 2021-09-01 2021-09-09
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
27 CVE-2021-36070 119 Exec Code Overflow 2021-09-01 2021-09-09
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Media Encoder version 15.1 (and earlier) is affected by an improper memory access vulnerability when parsing a crafted .SVG file. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
28 CVE-2021-36069 119 Exec Code Overflow Mem. Corr. 2021-09-01 2021-09-09
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
29 CVE-2021-36068 119 Exec Code Overflow Mem. Corr. 2021-09-01 2021-09-09
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
30 CVE-2021-36067 119 Exec Code Overflow Mem. Corr. 2021-09-01 2021-09-09
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
31 CVE-2021-36059 119 Exec Code Overflow Mem. Corr. 2021-09-01 2021-09-08
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
32 CVE-2021-36017 119 Exec Code Overflow Mem. Corr. 2021-09-02 2021-09-08
9.3
None Remote Medium Not required Complete Complete Complete
Adobe After Effects version 18.2.1 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
33 CVE-2021-36009 119 Exec Code Overflow Mem. Corr. 2021-08-20 2021-11-06
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Illustrator version 25.2.3 (and earlier) is affected by an memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
34 CVE-2021-34859 119 Exec Code Overflow Mem. Corr. 2021-10-25 2021-10-27
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13697.
35 CVE-2021-34856 119 Exec Code Overflow Mem. Corr. 2021-10-25 2021-10-27
4.6
None Local Low Not required Partial Partial Partial
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the virtio-gpu virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13581.
36 CVE-2021-34550 119 Overflow 2021-06-29 2021-09-20
5.0
None Remote Low Not required None None Partial
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor
37 CVE-2021-34379 119 Overflow Mem. Corr. 2021-06-30 2021-07-06
4.6
None Local Low Not required Partial Partial Partial
Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 10 is missing. The length of an I/O buffer parameter is not checked, which might lead to memory corruption.
38 CVE-2021-34378 119 DoS Overflow 2021-06-30 2021-07-06
4.6
None Local Low Not required Partial Partial Partial
Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 11 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to information disclosure, denial of service, or escalation of privileges.
39 CVE-2021-34377 119 DoS Overflow 2021-06-30 2021-07-06
4.6
None Local Low Not required Partial Partial Partial
Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 9 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to escalation of privileges, information disclosure, and denial of service.
40 CVE-2021-34376 119 DoS Overflow 2021-06-30 2021-07-06
4.6
None Local Low Not required Partial Partial Partial
Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 5 is missing. Improper restriction of operations within the bounds of a memory buffer might lead to denial of service, escalation of privileges, and information disclosure.
41 CVE-2021-34306 119 Exec Code Overflow Mem. Corr. 2021-07-13 2021-07-27
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13342)
42 CVE-2021-33737 119 Overflow 2021-09-14 2021-09-28
7.8
None Remote Low Not required None None Complete
A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) (All versions). Sending a specially crafted packet to port 102/tcp of an affected device could cause a Denial-of-Service condition. A restart is needed to restore normal operations.
43 CVE-2021-33478 119 Exec Code Overflow 2021-07-22 2021-08-02
4.6
None Local Low Not required Partial Partial Partial
The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain Cisco IP Phone and Wireless IP Phone products before 2021-07-07. Exploitation is possible only when the attacker can disassemble the device in order to control the voltage/current for chip pins.
44 CVE-2021-33365 119 Overflow 2021-09-13 2021-09-23
4.3
None Remote Medium Not required Partial None None
Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
45 CVE-2021-33363 119 Overflow 2021-09-13 2021-09-23
4.3
None Remote Medium Not required Partial None None
Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
46 CVE-2021-33361 119 Overflow 2021-09-13 2021-09-23
4.3
None Remote Medium Not required Partial None None
Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
47 CVE-2021-33004 119 Exec Code Overflow Mem. Corr. 2021-06-24 2021-07-01
6.8
None Remote Medium Not required Partial Partial Partial
The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
48 CVE-2021-32992 119 Exec Code Overflow 2021-06-29 2021-07-02
7.5
None Remote Low Not required Partial Partial Partial
FATEK Automation WinProladder Versions 3.30 and prior do not properly restrict operations within the bounds of a memory buffer, which may allow an attacker to execute arbitrary code.
49 CVE-2021-32781 119 DoS Overflow 2021-08-24 2021-08-31
5.0
None Remote Low Not required None None Partial
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the internal buffer overflow while request or response is processed by the filter chain the operation may not be stopped completely and result in accessing a freed memory block. A specifically constructed request delivered by an untrusted downstream or upstream peer in the presence of extensions that modify and increase the size of request or response bodies resulting in a Denial of Service when using extensions that modify and increase the size of request or response bodies, such as decompressor filter. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to address incomplete termination of request processing after locally generated response. As a workaround disable Envoy's decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies, if feasible.
50 CVE-2021-32537 119 Overflow 2021-07-07 2021-09-20
4.9
None Local Low Not required None None Complete
Realtek HAD contains a driver crashed vulnerability which allows local side attackers to send a special string to the kernel driver in a user’s mode. Due to unexpected commands, the kernel driver will cause the system crashed.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.