| CVE-2021-30762 | | 0.12 | — | 0.00 | KEV | Sep 8, 2021 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. |
| CVE-2021-30761 | | 0.12 | — | 0.01 | KEV | Sep 8, 2021 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. |
| CVE-2021-32648 | | 0.12 | — | 0.93 | KEV | Aug 26, 2021 | octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5. |
| CVE-2021-31010 | | 0.12 | — | 0.01 | KEV | Aug 24, 2021 | A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release. |
| CVE-2021-30983 | | 0.12 | — | 0.01 | KEV | Aug 24, 2021 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2021-30952 | | 0.12 | — | 0.01 | KEV | Aug 24, 2021 | An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. |
| CVE-2021-30900 | | 0.12 | — | 0.00 | KEV | Aug 24, 2021 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1. A malicious application may be able to execute arbitrary code with kernel privileges. |
| CVE-2021-30883 | | 0.12 | — | 0.00 | KEV | Aug 24, 2021 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. |
| CVE-2021-30869 | | 0.12 | — | 0.02 | KEV | Aug 24, 2021 | A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, Security Update 2021-006 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild. |
| CVE-2021-30858 | | 0.12 | — | 0.01 | KEV | Aug 24, 2021 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. |
| CVE-2021-36948 | | 0.12 | — | 0.01 | KEV | Aug 12, 2021 | Windows Update Medic Service Elevation of Privilege Vulnerability |
| CVE-2021-34484 | | 0.12 | — | 0.03 | KEV | Aug 12, 2021 | Windows User Profile Service Elevation of Privilege Vulnerability |
| CVE-2021-30563 | | 0.12 | — | 0.03 | KEV | Aug 3, 2021 | Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-36742 | | 0.12 | — | 0.01 | KEV | Jul 29, 2021 | An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| CVE-2021-36741 | | 0.12 | — | 0.01 | KEV | Jul 29, 2021 | An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attacker to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to log on to the product's management console in order to exploit this vulnerability. |
| CVE-2021-34448 | | 0.12 | — | 0.02 | KEV | Jul 16, 2021 | Scripting Engine Memory Corruption Vulnerability |
| CVE-2021-31196 | | 0.12 | — | 0.03 | KEV | Jul 14, 2021 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-30554 | | 0.12 | — | 0.04 | KEV | Jul 2, 2021 | Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-25394 | | 0.12 | — | 0.00 | KEV | Jun 11, 2021 | A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised. |
| CVE-2021-25395 | | 0.12 | — | 0.00 | KEV | Jun 11, 2021 | A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised. |
| CVE-2020-11261 | | 0.12 | — | 0.01 | KEV | Jun 9, 2021 | Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
| CVE-2021-31955 | | 0.12 | — | 0.04 | KEV | Jun 8, 2021 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2021-31199 | | 0.12 | — | 0.01 | KEV | Jun 8, 2021 | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability |
| CVE-2021-31201 | | 0.12 | — | 0.01 | KEV | Jun 8, 2021 | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability |
| CVE-2021-22900 | | 0.12 | — | 0.01 | KEV | May 27, 2021 | A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. |
| CVE-2021-29256 | | 0.12 | — | 0.01 | KEV | May 24, 2021 | The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0. |
| CVE-2021-28664 | | 0.12 | — | 0.00 | KEV | May 10, 2021 | The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r8p0 through r30p0 before r31p0. |
| CVE-2021-28663 | | 0.12 | — | 0.04 | KEV | May 10, 2021 | The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0. |
| CVE-2021-1906 | | 0.12 | — | 0.00 | KEV | May 7, 2021 | Improper handling of address deregistration on failure can lead to new GPU address allocation failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
| CVE-2021-1905 | | 0.12 | — | 0.01 | KEV | May 7, 2021 | Possible use after free due to improper handling of memory mapping of multiple processes simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
| CVE-2021-1879 | | 0.12 | — | 0.01 | KEV | Apr 2, 2021 | This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited. |
| CVE-2021-1871 | | 0.12 | — | 0.01 | KEV | Apr 2, 2021 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. |
| CVE-2021-1870 | | 0.12 | — | 0.01 | KEV | Apr 2, 2021 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. |
| CVE-2021-1789 | | 0.12 | — | 0.00 | KEV | Apr 2, 2021 | A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. |
| CVE-2021-1782 | | 0.12 | — | 0.06 | KEV | Apr 2, 2021 | A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited. |
| CVE-2021-25372 | | 0.12 | — | 0.02 | KEV | Mar 26, 2021 | An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access. |
| CVE-2021-25371 | | 0.12 | — | 0.02 | KEV | Mar 26, 2021 | A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers to load arbitrary ELF libraries inside DSP. |
| CVE-2021-25370 | | 0.12 | — | 0.00 | KEV | Mar 26, 2021 | An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic. |
| CVE-2021-25369 | | 0.12 | — | 0.00 | KEV | Mar 26, 2021 | An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace. |
| CVE-2021-27059 | | 0.12 | — | 0.03 | KEV | Mar 11, 2021 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2021-27085 | | 0.12 | — | 0.02 | KEV | Mar 11, 2021 | Internet Explorer Remote Code Execution Vulnerability |
| CVE-2021-25337 | | 0.12 | — | 0.01 | KEV | Mar 4, 2021 | Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files. |
| CVE-2021-23874 | | 0.12 | — | 0.01 | KEV | Feb 10, 2021 | Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense. |
| CVE-2020-13671 | | 0.12 | — | 0.04 | KEV | Nov 20, 2020 | Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74. |
| CVE-2020-9907 | | 0.12 | — | 0.01 | KEV | Oct 16, 2020 | A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges. |
| CVE-2020-3569 | | 0.12 | — | 0.05 | KEV | Sep 23, 2020 | Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address these vulnerabilities. |
| CVE-2020-24557 | | 0.12 | — | 0.02 | KEV | Sep 1, 2020 | A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected. |
| CVE-2020-3566 | | 0.12 | — | 0.02 | KEV | Aug 29, 2020 | A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address this vulnerability. |
| CVE-2020-1040 | | 0.12 | — | 0.00 | KEV | Jul 14, 2020 | A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043. |
| CVE-2020-9818 | | 0.12 | — | 0.01 | KEV | Jun 9, 2020 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination. |