Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25218 | 2 Fedoraproject, Isc | 2 Fedora, Bind | 2021-09-16 | 5.0 MEDIUM | 7.5 HIGH |
| In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vulnerability affects only BIND 9 releases 9.16.19, 9.17.16, and release 9.16.19-S1 of the BIND Supported Preview Edition. | |||||
| CVE-2021-30295 | 1 Qualcomm | 248 Apq8017, Apq8017 Firmware, Apq8053 and 245 more | 2021-09-15 | 7.2 HIGH | 7.8 HIGH |
| Possible heap overflow due to improper validation of local variable while storing current task information locally in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2020-19766 | 1 Tokenerc20 Project | 1 Tokenerc20 | 2021-09-15 | 5.0 MEDIUM | 7.5 HIGH |
| The time check operation of PepeAuctionSale 1.0 can be rendered ineffective by assigning a large number to the _duration variable, compromising access control to the application. | |||||
| CVE-2021-30787 | 1 Apple | 2 Mac Os X, Macos | 2021-09-15 | 6.8 MEDIUM | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to cause unexpected system termination or write kernel memory. | |||||
| CVE-2021-30788 | 1 Apple | 5 Iphone Os, Mac Os X, Macos and 2 more | 2021-09-15 | 5.8 MEDIUM | 7.1 HIGH |
| This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents. | |||||
| CVE-2021-37145 | 1 Poly | 4 Cx5100, Cx5100 Firmware, Cx5500 and 1 more | 2021-09-15 | 6.5 MEDIUM | 7.2 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 leads an attacker to Privilege Escalation and Remote Code Execution capability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-30799 | 1 Apple | 3 Iphone Os, Mac Os X, Macos | 2021-09-15 | 9.3 HIGH | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2021-30789 | 1 Apple | 5 Iphone Os, Mac Os X, Macos and 2 more | 2021-09-15 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution. | |||||
| CVE-2021-30790 | 1 Apple | 2 Mac Os X, Macos | 2021-09-15 | 6.8 MEDIUM | 7.8 HIGH |
| An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | |||||
| CVE-2021-3053 | 1 Paloaltonetworks | 1 Pan-os | 2021-09-15 | 7.1 HIGH | 7.5 HIGH |
| An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. This issue does not affect Prisma Access. | |||||
| CVE-2021-1762 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2021-09-15 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | |||||
| CVE-2020-19765 | 1 Proofofdiligencetoken Project | 1 Proofofdiligencetoken | 2021-09-15 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the noReentrance() modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack. | |||||
| CVE-2021-30775 | 1 Apple | 5 Iphone Os, Mac Os X, Macos and 2 more | 2021-09-15 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted audio file may lead to arbitrary code execution. | |||||
| CVE-2021-39500 | 1 Eyoucms | 1 Eyoucms | 2021-09-15 | 5.0 MEDIUM | 7.5 HIGH |
| Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories. | |||||
| CVE-2020-19137 | 1 Autumn Project | 1 Autumn | 2021-09-15 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10". | |||||
| CVE-2021-1840 | 1 Apple | 2 Mac Os X, Macos | 2021-09-15 | 4.6 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A local attacker may be able to elevate their privileges. | |||||
| CVE-2021-30605 | 2 Google, Microsoft | 4 Chrome Os Readiness Tool, Windows 10, Windows 7 and 1 more | 2021-09-15 | 4.6 MEDIUM | 7.8 HIGH |
| Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls. | |||||
| CVE-2021-1839 | 1 Apple | 2 Mac Os X, Macos | 2021-09-15 | 4.6 MEDIUM | 7.8 HIGH |
| The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A local attacker may be able to elevate their privileges. | |||||
| CVE-2021-1838 | 1 Apple | 2 Ipados, Iphone Os | 2021-09-15 | 6.8 MEDIUM | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2021-28558 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-15 | 6.8 MEDIUM | 8.8 HIGH |
| Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Heap-based buffer overflow vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-36216 | 1 Linecorp | 1 Line | 2021-09-15 | 4.6 MEDIUM | 7.8 HIGH |
| LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL injection. | |||||
| CVE-2021-28553 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-15 | 6.8 MEDIUM | 8.8 HIGH |
| Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28550 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-15 | 6.8 MEDIUM | 8.8 HIGH |
| Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-1833 | 1 Apple | 2 Ipados, Iphone Os | 2021-09-15 | 6.8 MEDIUM | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may be able to gain elevated privileges. | |||||
| CVE-2021-28565 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-15 | 9.3 HIGH | 8.8 HIGH |
| Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28564 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-15 | 6.8 MEDIUM | 8.8 HIGH |
| Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Write vulnerability within the ImageTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28560 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-15 | 6.8 MEDIUM | 8.8 HIGH |
| Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-27942 | 1 Apple | 1 Mac Os X | 2021-09-15 | 6.8 MEDIUM | 7.8 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Processing a maliciously crafted font file may lead to arbitrary code execution. | |||||
| CVE-2021-33982 | 1 Myfwc | 1 Fish \| Hunt Fl | 2021-09-15 | 5.0 MEDIUM | 7.5 HIGH |
| An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions. | |||||
| CVE-2019-14287 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2021-09-15 | 9.0 HIGH | 8.8 HIGH |
| In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. | |||||
| CVE-2020-11301 | 1 Qualcomm | 534 Apq8009, Apq8009 Firmware, Apq8017 and 531 more | 2021-09-14 | 5.0 MEDIUM | 7.5 HIGH |
| Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-1914 | 1 Qualcomm | 310 Apq8009, Apq8009 Firmware, Apq8009w and 307 more | 2021-09-14 | 5.0 MEDIUM | 7.5 HIGH |
| Loop with unreachable exit condition may occur due to improper handling of unsupported input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-1923 | 1 Qualcomm | 168 Aqt1000, Aqt1000 Firmware, Qca6390 and 165 more | 2021-09-14 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect pointer argument passed to trusted application TA could result in un-intended memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT | |||||
| CVE-2021-1930 | 1 Qualcomm | 194 Aqt1000, Aqt1000 Firmware, Csrb31024 and 191 more | 2021-09-14 | 3.6 LOW | 7.1 HIGH |
| Possible out of bounds read due to incorrect validation of incoming buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-30797 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2021-09-14 | 6.8 MEDIUM | 8.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution. | |||||
| CVE-2021-35993 | 1 Adobe | 1 After Effects | 2021-09-14 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe After Effects version 18.2.1 (and earlier) is affected by an out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-30759 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-14 | 6.8 MEDIUM | 7.8 HIGH |
| A stack overflow was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution. | |||||
| CVE-2021-30758 | 1 Apple | 5 Iphone Os, Macos, Safari and 2 more | 2021-09-14 | 6.8 MEDIUM | 8.8 HIGH |
| A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2021-30729 | 1 Apple | 2 Ipad Os, Iphone Os | 2021-09-14 | 5.0 MEDIUM | 7.5 HIGH |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.6 and iPadOS 14.6. A device may accept invalid activation results. | |||||
| CVE-2021-30764 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2021-09-14 | 6.8 MEDIUM | 7.8 HIGH |
| Processing a maliciously crafted file may lead to arbitrary code execution. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. This issue was addressed with improved checks. | |||||
| CVE-2021-30762 | 1 Apple | 1 Iphone Os | 2021-09-14 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2021-30761 | 1 Apple | 1 Iphone Os | 2021-09-14 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2021-30742 | 1 Apple | 2 Ipad Os, Iphone Os | 2021-09-14 | 6.8 MEDIUM | 7.8 HIGH |
| A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted audio file may lead to arbitrary code execution. | |||||
| CVE-2021-30741 | 1 Apple | 2 Ipad Os, Iphone Os | 2021-09-14 | 5.8 MEDIUM | 7.1 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination. | |||||
| CVE-2021-35050 | 1 Fidelissecurity | 2 Deception, Network | 2021-09-14 | 5.0 MEDIUM | 7.5 HIGH |
| User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.3. This vulnerability has been addressed in version 9.3.3 and subsequent versions. | |||||
| CVE-2021-35049 | 1 Fidelissecurity | 2 Deception, Network | 2021-09-14 | 6.5 MEDIUM | 8.8 HIGH |
| Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability. | |||||
| CVE-2021-35047 | 1 Fidelissecurity | 2 Deception, Network | 2021-09-14 | 9.0 HIGH | 8.8 HIGH |
| Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability. | |||||
| CVE-2021-39608 | 1 Flatcore | 1 Flatcore-cms | 2021-09-14 | 9.0 HIGH | 7.2 HIGH |
| Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code. | |||||
| CVE-2021-21033 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-14 | 6.8 MEDIUM | 8.8 HIGH |
| Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-21028 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-14 | 6.8 MEDIUM | 8.8 HIGH |
| Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||