Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30676 | 1 Apple | 2 Mac Os X, Macos | 2021-09-16 | 6.6 MEDIUM | 7.1 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A local user may be able to cause unexpected system termination or read kernel memory. | |||||
| CVE-2021-30707 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2021-09-16 | 6.8 MEDIUM | 8.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted audio file may lead to arbitrary code execution. | |||||
| CVE-2021-30708 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2021-09-16 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | |||||
| CVE-2021-30710 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-16 | 5.8 MEDIUM | 7.1 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may cause a denial of service or potentially disclose memory contents. | |||||
| CVE-2021-30672 | 1 Apple | 2 Mac Os X, Macos | 2021-09-16 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges. | |||||
| CVE-2021-1945 | 1 Qualcomm | 412 Apq8053, Apq8053 Firmware, Apq8064au and 409 more | 2021-09-16 | 5.0 MEDIUM | 7.5 HIGH |
| Possible out of bound read due to lack of length check of Bandwidth-NSS IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-1813 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-16 | 9.3 HIGH | 7.8 HIGH |
| A validation issue was addressed with improved logic. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to gain root privileges. | |||||
| CVE-2021-1817 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2021-09-16 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2021-1847 | 1 Apple | 2 Mac Os X, Macos | 2021-09-16 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | |||||
| CVE-2021-1843 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-16 | 6.8 MEDIUM | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2021-1853 | 1 Apple | 1 Macos | 2021-09-16 | 4.6 MEDIUM | 7.8 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. A local attacker may be able to elevate their privileges. | |||||
| CVE-2021-30675 | 1 Apple | 1 Boot Camp | 2021-09-16 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in Boot Camp 6.1.14. A malicious application may be able to elevate privileges. | |||||
| CVE-2021-30715 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-16 | 5.0 MEDIUM | 7.5 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service. | |||||
| CVE-2021-1809 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-16 | 5.0 MEDIUM | 7.5 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to read restricted memory. | |||||
| CVE-2021-30712 | 1 Apple | 2 Mac Os X, Macos | 2021-09-16 | 6.8 MEDIUM | 7.8 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2021-1808 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-16 | 5.0 MEDIUM | 7.5 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to read restricted memory. | |||||
| CVE-2021-1828 | 1 Apple | 2 Mac Os X, Macos | 2021-09-16 | 8.8 HIGH | 7.1 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. An application may be able to cause unexpected system termination or write kernel memory. | |||||
| CVE-2020-7461 | 2 Freebsd, Siemens | 5 Freebsd, Simatic Rf350m, Simatic Rf350m Firmware and 2 more | 2021-09-16 | 7.5 HIGH | 7.3 HIGH |
| In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit. | |||||
| CVE-2020-6590 | 1 Forcepoint | 3 Data Loss Prevention, Email Security, Web Security Content Gateway | 2021-09-16 | 5.0 MEDIUM | 7.5 HIGH |
| Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure. | |||||
| CVE-2020-15206 | 2 Google, Opensuse | 2 Tensorflow, Leap | 2021-09-16 | 5.0 MEDIUM | 7.5 HIGH |
| In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using `tensorflow-serving` or other inference-as-a-service installments. Fixed were added in commits f760f88b4267d981e13f4b302c437ae800445968 and fcfef195637c6e365577829c4d67681695956e7d (both going into TensorFlow 2.2.0 and 2.3.0 but not yet backported to earlier versions). However, this was not enough, as #41097 reports a different failure mode. The issue is patched in commit adf095206f25471e864a8e63a0f1caef53a0e3a6, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | |||||
| CVE-2021-28961 | 1 Openwrt | 1 Openwrt | 2021-09-16 | 6.5 MEDIUM | 8.8 HIGH |
| applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests. | |||||
| CVE-2021-30717 | 1 Apple | 2 Mac Os X, Macos | 2021-09-16 | 6.8 MEDIUM | 8.1 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to execute arbitrary code. | |||||
| CVE-2021-30719 | 1 Apple | 2 Mac Os X, Macos | 2021-09-16 | 6.6 MEDIUM | 7.1 HIGH |
| A local user may be able to cause unexpected system termination or read kernel memory. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. An out-of-bounds read issue was addressed by removing the vulnerable code. | |||||
| CVE-2021-32833 | 1 Emby | 1 Emby.releases | 2021-09-16 | 4.3 MEDIUM | 8.6 HIGH |
| Emby Server is a personal media server with apps on many devices. In Emby Server on Windows there is a set of arbitrary file read vulnerabilities. This vulnerability is known to exist in version 4.6.4.0 and may not be patched in later versions. Known vulnerable routes are /Videos/Id/hls/PlaylistId/SegmentId.SegmentContainer, /Images/Ratings/theme/name and /Images/MediaInfo/theme/name. For more details including proof of concept code, refer to the referenced GHSL-2021-051. This issue may lead to unauthorized access to the system especially when Emby Server is configured to be accessible from the Internet. | |||||
| CVE-2021-30795 | 1 Apple | 5 Iphone Os, Macos, Safari and 2 more | 2021-09-16 | 9.3 HIGH | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2021-30766 | 1 Apple | 2 Mac Os X, Macos | 2021-09-16 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-6496 | 4 Apple, Debian, Google and 1 more | 5 Macos, Debian Linux, Chrome and 2 more | 2021-09-16 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-11582 | 4 Apple, Linux, Oracle and 1 more | 5 Macos, Linux Kernel, Solaris and 2 more | 2021-09-16 | 3.3 LOW | 8.8 HIGH |
| An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HTTP clients, because up to 25 invalid lines are ignored, and because DNS rebinding can occur. (This server accepts, for example, a setcookie command that might be relevant to CVE-2020-11581 exploitation.) | |||||
| CVE-2020-11581 | 4 Apple, Linux, Oracle and 1 more | 5 Macos, Linux Kernel, Solaris and 2 more | 2021-09-16 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks (against a client) via shell metacharacters to the doCustomRemediateInstructions method, because Runtime.getRuntime().exec() is used. | |||||
| CVE-2020-24436 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-16 | 6.8 MEDIUM | 7.8 HIGH |
| Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit in that the victim must open a malicious document. | |||||
| CVE-2020-4607 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege Vault Remote On-premises, Windows | 2021-09-16 | 4.6 MEDIUM | 7.8 HIGH |
| IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884. | |||||
| CVE-2020-24559 | 3 Apple, Microsoft, Trendmicro | 6 Macos, Windows, Apex One and 3 more | 2021-09-16 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2020-24558 | 3 Apple, Microsoft, Trendmicro | 5 Macos, Windows, Apex One and 2 more | 2021-09-16 | 3.6 LOW | 7.1 HIGH |
| A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-21035 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-16 | 6.8 MEDIUM | 8.8 HIGH |
| Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-30765 | 1 Apple | 2 Mac Os X, Macos | 2021-09-16 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-7877 | 2 Mastersoft, Microsoft | 3 Zook Agent, Zook Viewer, Windows | 2021-09-16 | 6.5 MEDIUM | 8.8 HIGH |
| A buffer overflow issue was discovered in ZOOK solution(remote administration tool) through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command. | |||||
| CVE-2021-30760 | 1 Apple | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2021-09-16 | 6.8 MEDIUM | 7.8 HIGH |
| An integer overflow was addressed through improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution. | |||||
| CVE-2021-35527 | 1 Abb | 1 Esoms | 2021-09-16 | 5.0 MEDIUM | 7.5 HIGH |
| Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions. | |||||
| CVE-2021-27031 | 1 Autodesk | 1 Fbx Review | 2021-09-16 | 9.3 HIGH | 7.8 HIGH |
| A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system. | |||||
| CVE-2021-27030 | 1 Autodesk | 1 Fbx Review | 2021-09-16 | 9.3 HIGH | 7.8 HIGH |
| A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system. | |||||
| CVE-2021-27028 | 1 Autodesk | 1 Fbx Review | 2021-09-16 | 6.8 MEDIUM | 7.8 HIGH |
| A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to remote code execution through maliciously crafted DLL files. | |||||
| CVE-2021-27027 | 1 Autodesk | 1 Fbx Review | 2021-09-16 | 6.8 MEDIUM | 7.8 HIGH |
| An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure. | |||||
| CVE-2020-17516 | 1 Apache | 1 Cassandra | 2021-09-16 | 4.3 MEDIUM | 7.5 HIGH |
| Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement. | |||||
| CVE-2019-20044 | 5 Apple, Debian, Fedoraproject and 2 more | 10 Ipad Os, Iphone Os, Mac Os X and 7 more | 2021-09-16 | 7.2 HIGH | 7.8 HIGH |
| In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). | |||||
| CVE-2020-3757 | 6 Adobe, Apple, Google and 3 more | 10 Flash Player, Macos, Chrome Os and 7 more | 2021-09-16 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-6402 | 7 Apple, Debian, Fedoraproject and 4 more | 10 Macos, Debian Linux, Fedora and 7 more | 2021-09-16 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. | |||||
| CVE-2020-22403 | 1 Express-cart Project | 1 Express-cart | 2021-09-16 | 6.8 MEDIUM | 8.8 HIGH |
| The express-cart package through 1.1.10 for Node.js allows CSRF. | |||||
| CVE-2021-30290 | 1 Qualcomm | 82 Qca6174a, Qca6174a Firmware, Qca6574 and 79 more | 2021-09-16 | 4.4 MEDIUM | 7.0 HIGH |
| Possible null pointer dereference due to race condition between timeline fence signal and time line fence destroy in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-35223 | 1 Solarwinds | 1 Serv-u | 2021-09-16 | 6.5 MEDIUM | 8.8 HIGH |
| The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution. | |||||
| CVE-2021-33019 | 1 Deltaww | 1 Dopsoft | 2021-09-16 | 6.8 MEDIUM | 7.8 HIGH |
| A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code. | |||||