VYPR

CVEs

101,975 total · page 1275 of 2,040

  • CVE-2021-34718HigSep 9, 2021
    risk 0.53cvss 8.1epss 0.02

    A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a…

  • CVE-2021-34713HigSep 9, 2021
    risk 0.48cvss 7.4epss 0.00

    A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected line card to reboot. This vulnerability is due to incorrect handling of…

  • CVE-2021-32836HigSep 9, 2021
    risk 0.49cvss 7.5epss 0.02

    ZStack is open source IaaS(infrastructure as a service) software. In ZStack before versions 3.10.12 and 4.1.6 there is a pre-auth unsafe deserialization vulnerability in the REST API. An attacker in control of the request body will be able to provide both the class name and the…

  • CVE-2021-32834HigSep 9, 2021
    risk 0.53cvss 8.2epss 0.01

    Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This…

  • CVE-2021-32833HigSep 9, 2021
    risk 0.56cvss 8.6epss 0.01

    Emby Server is a personal media server with apps on many devices. In Emby Server on Windows there is a set of arbitrary file read vulnerabilities. This vulnerability is known to exist in version 4.6.4.0 and may not be patched in later versions. Known vulnerable routes are…

  • CVE-2021-30605HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.00

    Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls.

  • CVE-2020-19137HigSep 8, 2021
    risk 0.49cvss 7.5epss 0.01

    Incorrect Access Control in Autumn v1.0.4 and earlier allows remote attackers to obtain clear-text login credentials via the component "autumn-cms/user/getAllUser/?page=1&limit=10".

  • CVE-2021-38388HigSep 8, 2021
    risk 0.00cvss 8.8epss 0.01

    Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project.

  • CVE-2021-36216HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.00

    LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL injection.

  • CVE-2021-32805HigSep 8, 2021
    risk 0.40cvss 7.2epss 0.01

    Flask-AppBuilder is an application development framework, built on top of Flask. In affected versions if using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder, this URL can redirect a user…

  • CVE-2021-40346HigSep 8, 2021
    risk 0.04cvss 7.5epss 0.58

    An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

  • CVE-2021-3054HigSep 8, 2021
    risk 0.47cvss 7.2epss 0.01

    A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. This issue impacts: PAN-OS 8.1…

  • CVE-2021-3053HigSep 8, 2021
    risk 0.49cvss 7.5epss 0.01

    An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to…

  • CVE-2021-3052HigSep 8, 2021
    risk 0.52cvss 8.0epss 0.01

    A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the…

  • CVE-2021-3051HigSep 8, 2021
    risk 0.53cvss 8.1epss 0.01

    An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions…

  • CVE-2021-33982HigSep 8, 2021
    risk 0.49cvss 7.5epss 0.01

    An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions.

  • CVE-2021-28571HigSep 8, 2021
    risk 0.54cvss 8.3epss 0.03

    Adobe After Effects version 18.1 (and earlier) is affected by a potential Command injection vulnerability when chained with a development and debugging tool for JavaScript scripts. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution…

  • CVE-2021-21105HigSep 8, 2021
    risk 0.58cvss 8.8epss 0.06

    Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of…

  • CVE-2021-21104HigSep 8, 2021
    risk 0.58cvss 8.8epss 0.05

    Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to remote code execution in the context of the current user. Exploitation of this…

  • CVE-2021-21897HigSep 8, 2021
    risk 0.57cvss 8.8epss 0.03

    A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2021-30719HigSep 8, 2021
    risk 0.46cvss 7.1epss 0.00

    A local user may be able to cause unexpected system termination or read kernel memory. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. An out-of-bounds read issue was addressed by removing the vulnerable code.

  • CVE-2021-30717HigSep 8, 2021
    risk 0.53cvss 8.1epss 0.02

    A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to execute arbitrary code.

  • CVE-2021-30715HigSep 8, 2021
    risk 0.49cvss 7.5epss 0.02

    A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service.

  • CVE-2021-30713HigKEVSep 8, 2021
    risk 0.63cvss 7.8epss 0.07

    A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited..

  • CVE-2021-30712HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.04

    A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

  • CVE-2021-30710HigSep 8, 2021
    risk 0.46cvss 7.1epss 0.01

    A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may cause a denial of…

  • CVE-2021-30708HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected…

  • CVE-2021-30707HigSep 8, 2021
    risk 0.57cvss 8.8epss 0.02

    This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted audio file may lead to arbitrary code execution.

  • CVE-2021-30704HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.00

    A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with…

  • CVE-2021-30703HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.00

    A double free issue was addressed with improved memory management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary…

  • CVE-2021-30701HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.01

    This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to arbitrary code execution.

  • CVE-2021-30698HigSep 8, 2021
    risk 0.49cvss 7.5epss 0.02

    A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Safari 14.1.1, iOS 14.6 and iPadOS 14.6. A remote attacker may be able to cause a denial of service.

  • CVE-2021-30693HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.01

    A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to arbitrary code execution.

  • CVE-2021-30688HigSep 8, 2021
    risk 0.57cvss 8.8epss 0.00

    A malicious application may be able to break out of its sandbox. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A path handling issue was addressed with improved validation.

  • CVE-2021-30684HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.01

    A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A remote attacker may cause an unexpected application termination or arbitrary code execution.

  • CVE-2021-30683HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.01

    A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application could execute arbitrary code leading to compromise of user information.

  • CVE-2021-30681HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.01

    A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A…

  • CVE-2021-30680HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.00

    A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4. A local user may be able to load unsigned kernel extensions.

  • CVE-2021-30679HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.01

    This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An application may be able to gain elevated privileges.

  • CVE-2021-30677HigSep 8, 2021
    risk 0.57cvss 8.8epss 0.00

    This issue was addressed with improved environment sanitization. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to break out of…

  • CVE-2021-30676HigSep 8, 2021
    risk 0.46cvss 7.1epss 0.00

    A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A local user may be able to cause unexpected system termination or read kernel memory.

  • CVE-2021-30675HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved state management. This issue is fixed in Boot Camp 6.1.14. A malicious application may be able to elevate privileges.

  • CVE-2021-30672HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges.

  • CVE-2021-30666HigKEVSep 8, 2021
    risk 0.69cvss 8.8epss 0.03

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

  • CVE-2021-30665HigKEVSep 8, 2021
    risk 0.69cvss 8.8epss 0.04

    A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is…

  • CVE-2021-30664HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution.

  • CVE-2021-30663HigKEVSep 8, 2021
    risk 0.69cvss 8.8epss 0.04

    An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2021-30662HigSep 8, 2021
    risk 0.48cvss 7.3epss 0.01

    This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution.

  • CVE-2021-30661HigKEVSep 8, 2021
    risk 0.70cvss 8.8epss 0.05

    A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is…

  • CVE-2021-30660HigSep 8, 2021
    risk 0.49cvss 7.5epss 0.02

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to disclose kernel memory.