VYPR

CVEs

101,962 total · page 1277 of 2,040

  • CVE-2021-30758HigSep 8, 2021
    risk 0.57cvss 8.8epss 0.02

    A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2021-30752HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.01

    Processing a maliciously crafted image may lead to arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An out-of-bounds read was addressed with improved input validation.

  • CVE-2021-30749HigSep 8, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2021-30748HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2021-30743HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted image may lead to arbitrary code execution.

  • CVE-2021-30742HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.01

    A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.

  • CVE-2021-30741HigSep 8, 2021
    risk 0.46cvss 7.1epss 0.01

    A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.

  • CVE-2021-30740HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.02

    A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. A malicious application may be able to execute arbitrary code with kernel privileges.

  • CVE-2021-30739HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.00

    A local attacker may be able to elevate their privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A memory corruption issue was addressed with improved validation.

  • CVE-2021-30737HigSep 8, 2021
    risk 0.57cvss 8.8epss 0.01

    A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, iOS 12.5.4, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a…

  • CVE-2021-30736HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.02

    A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2021-30735HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.01

    A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An out-of-bounds write issue was addressed with improved bounds checking.

  • CVE-2021-30734HigSep 8, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2021-30729HigSep 8, 2021
    risk 0.49cvss 7.5epss 0.01

    A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.6 and iPadOS 14.6. A device may accept invalid activation results.

  • CVE-2021-30728HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application may be able to execute arbitrary code with kernel privileges.

  • CVE-2021-30726HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.01

    A malicious application may be able to execute arbitrary code with kernel privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An out-of-bounds write issue was addressed with improved bounds checking.

  • CVE-2021-30725HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected…

  • CVE-2021-30724HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.01

    This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local attacker may be able to elevate their privileges.

  • CVE-2021-28701HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.00

    Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest…

  • CVE-2021-28581HigSep 8, 2021
    risk 0.48cvss 7.3epss 0.01

    Adobe Creative Cloud Desktop 3.5 (and earlier) is affected by an uncontrolled search path vulnerability that could result in elevation of privileges. Exploitation of this issue requires user interaction in that a victim must log on to the attacker's local machine.

  • CVE-2021-28580HigSep 8, 2021
    risk 0.58cvss 8.8epss 0.08

    Medium by Adobe version 2.4.5.331 (and earlier) is affected by a buffer overflow vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this…

  • CVE-2021-1923HigSep 8, 2021
    risk 0.51cvss 7.8epss 0.00

    Incorrect pointer argument passed to trusted application TA could result in un-intended memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT

  • CVE-2021-1914HigSep 8, 2021
    risk 0.49cvss 7.5epss 0.01

    Loop with unreachable exit condition may occur due to improper handling of unsupported input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

  • CVE-2021-36182HigSep 8, 2021
    risk 0.57cvss 8.8epss 0.02

    A Improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests

  • CVE-2021-36179HigSep 8, 2021
    risk 0.52cvss 8.0epss 0.02

    A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute unauthorized code or commands via crafted parameters in CLI command execution

  • CVE-2021-23404HigSep 8, 2021
    risk 0.49cvss 7.6epss 0.00

    This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a…

  • CVE-2021-37145HigSep 7, 2021
    risk 0.47cvss 7.2epss 0.02

    A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 leads an attacker to Privilege Escalation and Remote Code Execution capability. NOTE: This vulnerability only affects products that are no longer supported…

  • CVE-2021-32800HigSep 7, 2021
    risk 0.00cvss 8.1epss 0.02

    Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account.…

  • CVE-2020-19769HigSep 7, 2021
    risk 0.49cvss 7.5epss 0.01

    A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script.

  • CVE-2020-19768HigSep 7, 2021
    risk 0.49cvss 7.5epss 0.01

    A lack of target address verification in the selfdestructs() function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script.

  • CVE-2020-19767HigSep 7, 2021
    risk 0.49cvss 7.5epss 0.01

    A lack of target address verification in the destroycontract() function of 0xRACER 1.0 allows attackers to steal tokens from victim users via a crafted script.

  • CVE-2020-19766HigSep 7, 2021
    risk 0.49cvss 7.5epss 0.01

    The time check operation of PepeAuctionSale 1.0 can be rendered ineffective by assigning a large number to the _duration variable, compromising access control to the application.

  • CVE-2020-19765HigSep 7, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue in the noReentrance() modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack.

  • CVE-2021-39500HigSep 7, 2021
    risk 0.49cvss 7.5epss 0.01

    Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories.

  • CVE-2021-37628HigSep 7, 2021
    risk 0.00cvss 7.5epss 0.02

    Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features ("Upload Only" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share.…

  • CVE-2021-40143HigSep 7, 2021
    risk 0.53cvss 8.2epss 0.02

    Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance.

  • CVE-2021-39503HigSep 7, 2021
    risk 0.47cvss 7.2epss 0.03

    PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without "<, >, ?, =, `,...." In WriteConfig() function, an attacker can inject php code to /include/config.cache.php file.

  • CVE-2021-38706HigSep 7, 2021
    risk 0.57cvss 8.8epss 0.01

    messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter.

  • CVE-2021-38705HigSep 7, 2021
    risk 0.57cvss 8.8epss 0.01

    ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A successful attack would consist of an authenticated user following a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. This can be exploited to…

  • CVE-2020-19752HigSep 7, 2021
    risk 0.49cvss 7.5epss 0.02

    The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference.

  • CVE-2020-19750HigSep 7, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read.

  • CVE-2021-39196HigSep 7, 2021
    risk 0.00cvss 7.7epss 0.01

    pcapture is an open source dumpcap web service interface . In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because…

  • CVE-2021-39195HigSep 7, 2021
    risk 0.00cvss 7.7epss 0.01

    Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in "Upload from URL" and remote attachment handling. This could result in the disclosure of non-public information within the internal…

  • CVE-2021-38142HigSep 7, 2021
    risk 0.57cvss 8.8epss 0.00

    Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not…

  • CVE-2021-39263HigSep 7, 2021
    risk 0.51cvss 7.8epss 0.00

    A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22.

  • CVE-2021-39262HigSep 7, 2021
    risk 0.51cvss 7.8epss 0.00

    A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.

  • CVE-2021-39261HigSep 7, 2021
    risk 0.51cvss 7.8epss 0.00

    A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22.

  • CVE-2021-39260HigSep 7, 2021
    risk 0.51cvss 7.8epss 0.00

    A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.

  • CVE-2021-39259HigSep 7, 2021
    risk 0.51cvss 7.8epss 0.00

    A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22.

  • CVE-2021-39258HigSep 7, 2021
    risk 0.51cvss 7.8epss 0.00

    A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22.