Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2321 | 1 Job Manager Project | 1 Job Manager | 2021-08-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Job Manager plugin 0.7.22 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the email field. | |||||
| CVE-2021-28639 | 1 Adobe | 2 Acrobat Dc, Acrobat Reader Dc | 2021-08-31 | 9.3 HIGH | 7.8 HIGH |
| Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28638 | 1 Adobe | 2 Acrobat Dc, Acrobat Reader Dc | 2021-08-31 | 6.8 MEDIUM | 7.8 HIGH |
| Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Heap-based Buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28637 | 1 Adobe | 2 Acrobat Dc, Acrobat Reader Dc | 2021-08-31 | 8.8 HIGH | 7.1 HIGH |
| Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an out-of-bounds read vulnerability. An unauthenticated attacker could leverage this vulnerability achieve arbitrary read / write system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28636 | 1 Adobe | 2 Acrobat Dc, Acrobat Reader Dc | 2021-08-31 | 8.5 HIGH | 7.3 HIGH |
| Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker with access to the victim's C:/ folder could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-37692 | 1 Google | 1 Tensorflow | 2021-08-31 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, `C.TF_TString_Dealloc` is called during garbage collection within a finalizer function. However, tensor structure isn't checked until encoding to avoid a performance penalty. The current method for dealloc assumes that encoding succeeded, but segfaults when a string tensor is garbage collected whose encoding failed (e.g., due to mismatched dimensions). To fix this, the call to set the finalizer function is deferred until `NewTensor` returns and, if encoding failed for a string tensor, deallocs are determined based on bytes written. We have patched the issue in GitHub commit 8721ba96e5760c229217b594f6d2ba332beedf22. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, which is the other affected version. | |||||
| CVE-2021-28627 | 1 Adobe | 1 Experience Manager | 2021-08-31 | 6.5 MEDIUM | 8.8 HIGH |
| Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Server-side Request Forgery. An authenticated attacker could leverage this vulnerability to contact systems blocked by the dispatcher. Exploitation of this issue does not require user interaction. | |||||
| CVE-2021-28628 | 1 Adobe | 1 Experience Manager | 2021-08-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2021-28625 | 1 Adobe | 1 Experience Manager | 2021-08-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2021-28635 | 1 Adobe | 2 Acrobat Dc, Acrobat Reader Dc | 2021-08-31 | 9.3 HIGH | 7.8 HIGH |
| Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-39137 | 1 Ethereum | 1 Go Ethereum | 2021-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a later date. A patch is included in the upcoming `v1.10.8` release. No workaround are available. | |||||
| CVE-2021-22932 | 1 Citrix | 1 Sharefile Storagezones Controller | 2021-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously selected “Enable Encryption” in the ShareFile configuration page and did not re-select this setting after running the CTX269106 mitigation tool. ShareFile customers who have not run the CTX269106 mitigation tool or who re-selected “Enable Encryption” immediately after running the tool are unaffected by this issue. | |||||
| CVE-2021-28594 | 1 Adobe | 1 Creative Cloud Desktop Application | 2021-08-31 | 9.3 HIGH | 7.8 HIGH |
| Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Uncontrolled Search Path Element vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-39158 | 1 Nvidia | 1 Nvcaffe | 2021-08-31 | 6.8 MEDIUM | 8.8 HIGH |
| NVCaffe's python required dependencies list used to contain `gfortran`version prior to 0.17.4, entry which does not exist in the repository pypi.org. An attacker could potentially have posted malicious files to pypi.org causing a user to install it within NVCaffe. | |||||
| CVE-2020-15955 | 1 Fehcom | 1 S\/qmail | 2021-08-31 | 4.3 MEDIUM | 5.9 MEDIUM |
| In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the MitM attacker. | |||||
| CVE-2020-4887 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 2.1 LOW | 5.5 MEDIUM |
| IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM X-Force ID: 190911. | |||||
| CVE-2020-4829 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960. | |||||
| CVE-2016-8972 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. | |||||
| CVE-2016-6079 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053. | |||||
| CVE-2016-0281 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 4.3 MEDIUM | 3.7 LOW |
| The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets. | |||||
| CVE-2016-0266 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 4.3 MEDIUM | 3.7 LOW |
| IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-8904 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 7.2 HIGH | N/A |
| lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value. | |||||
| CVE-2014-3074 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 7.2 HIGH | N/A |
| The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program. | |||||
| CVE-2014-3977 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 6.9 MEDIUM | N/A |
| libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179. | |||||
| CVE-2014-0930 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 4.7 MEDIUM | N/A |
| The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation. | |||||
| CVE-2012-4817 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 5.0 MEDIUM | N/A |
| The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2012-4845 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 6.8 MEDIUM | N/A |
| The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file. | |||||
| CVE-2012-4833 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 2.1 LOW | N/A |
| fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line. | |||||
| CVE-2012-0723 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 4.9 MEDIUM | N/A |
| The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application. | |||||
| CVE-2012-2200 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 7.2 HIGH | N/A |
| The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory. | |||||
| CVE-2012-2192 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 4.9 MEDIUM | N/A |
| The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list. | |||||
| CVE-2021-28634 | 1 Adobe | 2 Acrobat Dc, Acrobat Reader Dc | 2021-08-31 | 8.5 HIGH | 8.2 HIGH |
| Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution on the host machine in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28616 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-08-31 | 5.8 MEDIUM | 7.1 HIGH |
| Adobe After Effects version 18.2 (and earlier) is affected by an Our-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information and cause a denial of service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28615 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-08-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe After Effects version 18.2 (and earlier) is affected by an Our-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28611 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-08-31 | 5.8 MEDIUM | 7.1 HIGH |
| Adobe After Effects version 18.2 (and earlier) is affected by an Our-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information and cause a denial of service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28610 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-08-31 | 9.3 HIGH | 7.8 HIGH |
| Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28609 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-08-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe After Effects version 18.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28608 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-08-31 | 9.3 HIGH | 7.8 HIGH |
| Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28606 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-08-31 | 9.3 HIGH | 7.8 HIGH |
| Adobe After Effects version 18.2 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28604 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-08-31 | 9.3 HIGH | 7.8 HIGH |
| Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28603 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-08-31 | 9.3 HIGH | 7.8 HIGH |
| Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28601 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-08-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe After Effects version 18.2 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28600 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-08-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe After Effects version 18.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-34823 | 1 On24 | 1 Screenshare | 2021-08-31 | 6.4 MEDIUM | 9.1 CRITICAL |
| The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it triggers a code path that will download a configuration file from a specified remote machine over HTTP. There is an XXE flaw in processing of this configuration file that allows reading local (to macOS) files and uploading them to remote machines. | |||||
| CVE-2021-28618 | 2 Adobe, Microsoft | 2 Animate, Windows | 2021-08-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28617 | 2 Adobe, Microsoft | 2 Animate, Windows | 2021-08-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-18776 | 1 Libav | 1 Libav | 2021-08-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file. | |||||
| CVE-2021-39376 | 1 Philips | 1 Tasy Electronic Medical Record | 2021-08-31 | 6.5 MEDIUM | 8.8 HIGH |
| Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter. | |||||
| CVE-2021-37538 | 1 Smartdatasoft | 1 Smartblog | 2021-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller. | |||||
| CVE-2021-38612 | 1 Nascent | 1 Remkon Device Manager | 2021-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulnerability in a log-reading function in maintenance/readLog.php allows an attacker to read any file via a specialized URL. | |||||