Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30768 | 1 Apple | 5 Iphone Os, Mac Os X, Macos and 2 more | 2021-09-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2021-30777 | 1 Apple | 2 Mac Os X, Macos | 2021-09-17 | 9.3 HIGH | 7.8 HIGH |
| An injection issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges. | |||||
| CVE-2021-30773 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2021-09-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue in code signature validation was addressed with improved checks. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious application may be able to bypass code signing checks. | |||||
| CVE-2021-30654 | 1 Apple | 1 Garageband | 2021-09-17 | 2.1 LOW | 5.5 MEDIUM |
| This issue was addressed by removing additional entitlements. This issue is fixed in GarageBand 10.4.3. A local attacker may be able to read sensitive information. | |||||
| CVE-2021-30779 | 1 Apple | 4 Iphone Os, Macos, Tvos and 1 more | 2021-09-17 | 6.8 MEDIUM | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2021-30780 | 1 Apple | 5 Iphone Os, Mac Os X, Macos and 2 more | 2021-09-17 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. A malicious application may be able to gain root privileges. | |||||
| CVE-2021-30686 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted audio file may disclose restricted memory. | |||||
| CVE-2021-30685 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Parsing a maliciously crafted audio file may lead to disclosure of user information. | |||||
| CVE-2021-30782 | 1 Apple | 1 Mac Os X | 2021-09-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to access restricted files. | |||||
| CVE-2021-37579 | 1 Apache | 1 Dubbo | 2021-09-17 | 7.5 HIGH | 9.8 CRITICAL |
| The Dubbo Provider will check the incoming request and the corresponding serialization type of this request meet the configuration set by the server. But there's an exception that the attacker can use to skip the security check (when enabled) and reaching a deserialization operation with native java serialization. Apache Dubbo 2.7.13, 3.0.2 fixed this issue by quickly fail when any unrecognized request was found. | |||||
| CVE-2021-36161 | 1 Apache | 1 Dubbo | 2021-09-17 | 7.5 HIGH | 9.8 CRITICAL |
| Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13 | |||||
| CVE-2021-34786 | 1 Cisco | 1 Broadworks Commpilot Application Software | 2021-09-17 | 4.0 MEDIUM | 4.9 MEDIUM |
| Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system. | |||||
| CVE-2020-36254 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2021-09-17 | 6.8 MEDIUM | 8.1 HIGH |
| scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685. | |||||
| CVE-2021-34785 | 1 Cisco | 1 Broadworks Commpilot Application Software | 2021-09-17 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system. | |||||
| CVE-2021-34771 | 1 Cisco | 1 Ios Xr | 2021-09-17 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by running a specific command. A successful exploit could allow the attacker to view sensitive configuration information that their privileges might not otherwise allow them to access. | |||||
| CVE-2021-3051 | 1 Paloaltonetworks | 1 Cortex Xsoar | 2021-09-17 | 6.8 MEDIUM | 8.1 HIGH |
| An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances. | |||||
| CVE-2021-30659 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2021-09-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| A validation issue was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. A malicious application may be able to leak sensitive user information. | |||||
| CVE-2021-1854 | 1 Apple | 2 Ipados, Iphone Os | 2021-09-17 | 4.3 MEDIUM | 4.3 MEDIUM |
| A call termination issue with was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A legacy cellular network can automatically answer an incoming call when an ongoing call ends or drops. . | |||||
| CVE-2021-1860 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-17 | 7.1 HIGH | 6.5 MEDIUM |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to disclose kernel memory. | |||||
| CVE-2021-1846 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| Processing a maliciously crafted audio file may disclose restricted memory. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An out-of-bounds read was addressed with improved input validation. | |||||
| CVE-2021-1859 | 1 Apple | 1 Macos | 2021-09-17 | 7.8 HIGH | 7.5 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. Locked Notes content may have been unexpectedly unlocked. | |||||
| CVE-2016-6185 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2021-09-17 | 4.6 MEDIUM | 7.8 HIGH |
| The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. | |||||
| CVE-2021-30706 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2021-09-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| Processing a maliciously crafted image may lead to disclosure of user information. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. This issue was addressed with improved checks. | |||||
| CVE-2021-30678 | 1 Apple | 2 Mac Os X, Macos | 2021-09-17 | 7.5 HIGH | 9.8 CRITICAL |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2021-30664 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2021-09-17 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution. | |||||
| CVE-2014-8152 | 1 Apache | 1 Santuario Xml Security For Java | 2021-09-17 | 5.0 MEDIUM | N/A |
| Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document. | |||||
| CVE-2013-4517 | 1 Apache | 1 Xml Security For Java | 2021-09-17 | 4.3 MEDIUM | N/A |
| Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures. | |||||
| CVE-2013-2210 | 1 Apache | 1 Xml Security For C\+\+ | 2021-09-17 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this is due to an incorrect fix for CVE-2013-2154. | |||||
| CVE-2013-2172 | 1 Apache | 1 Xml Security For Java | 2021-09-17 | 4.3 MEDIUM | N/A |
| jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature." | |||||
| CVE-2013-2156 | 1 Apache | 1 Xml Security For C\+\+ | 2021-09-17 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PrefixList attribute. | |||||
| CVE-2013-2155 | 1 Apache | 1 Xml Security For C\+\+ | 2021-09-17 | 5.8 MEDIUM | N/A |
| Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the (1) compareBase64StringToRaw, (2) DSIGAlgorithmHandlerDefault, or (3) DSIGAlgorithmHandlerDefault::verify functions. | |||||
| CVE-2013-2154 | 1 Apache | 1 Xml Security For C\+\+ | 2021-09-17 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions, probably related to the DSIGReference::getURIBaseTXFM function. | |||||
| CVE-2013-2153 | 1 Apache | 1 Xml Security For C\+\+ | 2021-09-17 | 4.3 MEDIUM | N/A |
| The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka "XML Signature Bypass issue." | |||||
| CVE-2013-0021 | 1 Microsoft | 1 Internet Explorer | 2021-09-17 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer vtable Use After Free Vulnerability." | |||||
| CVE-2011-2516 | 2 Apache, Shibboleth | 2 Xml Security For C\+\+, Shibboleth-sp | 2021-09-17 | 5.0 MEDIUM | N/A |
| Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow. | |||||
| CVE-2021-1884 | 1 Apple | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2021-09-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. A remote attacker may be able to cause a denial of service. | |||||
| CVE-2021-30663 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2021-09-16 | 6.8 MEDIUM | 8.8 HIGH |
| An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2021-1875 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-16 | 6.8 MEDIUM | 7.8 HIGH |
| A double free issue was addressed with improved memory management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted file may lead to heap corruption. | |||||
| CVE-2021-1865 | 1 Apple | 2 Ipados, Iphone Os | 2021-09-16 | 4.3 MEDIUM | 5.0 MEDIUM |
| An issue obscuring passwords in screenshots was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible on screen. | |||||
| CVE-2021-30676 | 1 Apple | 2 Mac Os X, Macos | 2021-09-16 | 6.6 MEDIUM | 7.1 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A local user may be able to cause unexpected system termination or read kernel memory. | |||||
| CVE-2021-30707 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2021-09-16 | 6.8 MEDIUM | 8.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted audio file may lead to arbitrary code execution. | |||||
| CVE-2021-30708 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2021-09-16 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | |||||
| CVE-2021-1864 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2021-09-16 | 7.5 HIGH | 9.8 CRITICAL |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code. | |||||
| CVE-2021-30710 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-16 | 5.8 MEDIUM | 7.1 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may cause a denial of service or potentially disclose memory contents. | |||||
| CVE-2021-1863 | 1 Apple | 2 Ipados, Iphone Os | 2021-09-16 | 2.1 LOW | 2.4 LOW |
| An issue existed with authenticating the action triggered by an NFC tag. The issue was addressed with improved action authentication. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to place phone calls to any phone number. | |||||
| CVE-2021-30674 | 1 Apple | 2 Ipados, Iphone Os | 2021-09-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in iOS 14.6 and iPadOS 14.6. A malicious application may disclose restricted memory. | |||||
| CVE-2021-30668 | 1 Apple | 1 Macos | 2021-09-16 | 2.1 LOW | 4.6 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4. A person with physical access to a Mac may be able to bypass Login Window during a software update. | |||||
| CVE-2021-30667 | 1 Apple | 2 Ipados, Iphone Os | 2021-09-16 | 4.8 MEDIUM | 5.4 MEDIUM |
| A logic issue was addressed with improved validation. This issue is fixed in iOS 14.6 and iPadOS 14.6. An attacker in WiFi range may be able to force a client to use a less secure authentication mechanism. | |||||
| CVE-2021-30672 | 1 Apple | 2 Mac Os X, Macos | 2021-09-16 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges. | |||||
| CVE-2021-1945 | 1 Qualcomm | 412 Apq8053, Apq8053 Firmware, Apq8064au and 409 more | 2021-09-16 | 5.0 MEDIUM | 7.5 HIGH |
| Possible out of bound read due to lack of length check of Bandwidth-NSS IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||