| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-11261 | | | 0.12 | — | 0.02 | KEV | Jun 9, 2021 | Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &… |
| CVE-2021-33742 | | | 0.18 | — | 0.59 | KEV | Jun 8, 2021 | Windows MSHTML Platform Remote Code Execution Vulnerability |
| CVE-2021-33739 | | | 0.13 | — | 0.07 | KEV | Jun 8, 2021 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2021-31955 | | | 0.12 | — | 0.80 | KEV | Jun 8, 2021 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2021-31956 | | | 0.19 | — | 0.20 | KEV | Jun 8, 2021 | Windows NTFS Elevation of Privilege Vulnerability |
| CVE-2021-31199 | | | 0.12 | — | 0.03 | KEV | Jun 8, 2021 | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability |
| CVE-2021-31201 | | | 0.12 | — | 0.03 | KEV | Jun 8, 2021 | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability |
| CVE-2021-1675 | | | 0.29 | — | 0.86 | KEV | Jun 8, 2021 | Windows Print Spooler Remote Code Execution Vulnerability |
| CVE-2021-30533 | | | 0.13 | — | 0.17 | KEV | Jun 7, 2021 | Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe. |
| CVE-2021-27852 | — | | 0.14 | — | 0.32 | KEV | May 27, 2021 | Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. This issue affects: Checkbox Survey versions prior to 7. |
| CVE-2021-22900 | | | 0.12 | — | 0.14 | KEV | May 27, 2021 | A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator performing a file write via a maliciously crafted archive upload in the administrator web interface. |
| CVE-2021-22899 | | | 0.14 | — | 0.22 | KEV | May 27, 2021 | A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 that allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature |
| CVE-2021-22894 | | | 0.15 | — | 0.41 | KEV | May 27, 2021 | A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 that allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. |
| CVE-2021-21985 | | | 0.29 | — | 1.00 | KEV | May 26, 2021 | The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute… |
| CVE-2021-27562 | | Med | 0.42 | 5.5 | 0.03 | KEV | May 25, 2021 | In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode. |
| CVE-2021-29256 | | | 0.12 | — | 0.03 | KEV | May 24, 2021 | The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0… |
| CVE-2021-28799 | | | 0.25 | — | 0.78 | KEV | May 13, 2021 | An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync). If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2;… |
| CVE-2021-31207 | | | 0.29 | — | 1.00 | KEV | May 11, 2021 | Microsoft Exchange Server Security Feature Bypass Vulnerability |
| CVE-2021-31166 | | | 0.22 | — | 1.00 | KEV | May 11, 2021 | HTTP Protocol Stack Remote Code Execution Vulnerability |
| CVE-2021-28664 | | | 0.12 | — | 0.05 | KEV | May 10, 2021 | The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0,… |
| CVE-2021-28663 | | | 0.12 | — | 0.12 | KEV | May 10, 2021 | The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0… |
| CVE-2021-31755 | | | 0.20 | — | 0.86 | KEV | May 7, 2021 | An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request. |
| CVE-2021-1906 | | | 0.12 | — | 0.01 | KEV | May 7, 2021 | Improper handling of address deregistration on failure can lead to new GPU address allocation failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon… |
| CVE-2021-1905 | | | 0.12 | — | 0.01 | KEV | May 7, 2021 | Possible use after free due to improper handling of memory mapping of multiple processes simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon… |
| CVE-2021-32030 | | | 0.20 | — | 0.99 | KEV | May 6, 2021 | The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This… |
| CVE-2021-1498 | | | 0.23 | — | 1.00 | KEV | May 6, 2021 | Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this… |
| CVE-2021-1497 | | | 0.23 | — | 1.00 | KEV | May 6, 2021 | Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this… |
| CVE-2021-21551 | | | 0.21 | — | 0.57 | KEV | May 4, 2021 | Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required. |
| CVE-2021-20090 | | | 0.20 | — | 1.00 | KEV | Apr 29, 2021 | A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication. |
| CVE-2021-21224 | | | 0.15 | — | 0.58 | KEV | Apr 26, 2021 | Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
| CVE-2021-21206 | | | 0.13 | — | 0.09 | KEV | Apr 26, 2021 | Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21220 | | | 0.22 | — | 0.70 | KEV | Apr 26, 2021 | Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-22205 | | | 0.29 | — | 1.00 | KEV | Apr 23, 2021 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. |
| CVE-2021-22204 | | | 0.23 | — | 1.00 | KEV | Apr 23, 2021 | Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image |
| CVE-2021-22893 | | | 0.25 | — | 0.47 | KEV | Apr 23, 2021 | Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code… |
| CVE-2021-20023 | | | 0.22 | — | 0.51 | KEV | Apr 20, 2021 | SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host. |
| CVE-2021-3493 | | | 0.19 | — | 0.44 | KEV | Apr 17, 2021 | The overlayfs implementation in the Linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu… |
| CVE-2020-2509 | | | 0.19 | — | 0.34 | KEV | Apr 17, 2021 | A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build… |
| CVE-2021-28310 | | | 0.16 | — | 0.08 | KEV | Apr 13, 2021 | Win32k Elevation of Privilege Vulnerability |
| CVE-2021-20022 | | | 0.21 | — | 0.17 | KEV | Apr 9, 2021 | SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. |
| CVE-2021-20021 | | | 0.25 | — | 0.83 | KEV | Apr 9, 2021 | A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. |
| CVE-2021-1879 | | | 0.12 | — | 0.07 | KEV | Apr 2, 2021 | This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue… |
| CVE-2021-1871 | | | 0.12 | — | 0.07 | KEV | Apr 2, 2021 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a… |
| CVE-2021-1870 | | | 0.12 | — | 0.08 | KEV | Apr 2, 2021 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a… |
| CVE-2021-1789 | | | 0.12 | — | 0.15 | KEV | Apr 2, 2021 | A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web… |
| CVE-2021-1782 | | | 0.12 | — | 0.02 | KEV | Apr 2, 2021 | A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple… |
| CVE-2021-21975 | | | 0.29 | — | 0.78 | KEV | Mar 31, 2021 | Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a Server Side Request Forgery attack to steal administrative credentials. |
| CVE-2021-22991 | | | 0.18 | — | 0.61 | KEV | Mar 31, 2021 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which… |
| CVE-2021-22986 | | | 0.29 | — | 1.00 | KEV | Mar 31, 2021 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution… |
| CVE-2021-25372 | | | 0.12 | — | 0.01 | KEV | Mar 26, 2021 | An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access. |