| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-30623 | Hig | 0.58 | 8.8 | 0.04 | Sep 3, 2021 | Chromium: CVE-2021-30623 Use after free in Bookmarks | ||
| CVE-2021-30622 | Hig | 0.58 | 8.8 | 0.04 | Sep 3, 2021 | Chromium: CVE-2021-30622 Use after free in WebApp Installs | ||
| CVE-2021-30620 | Hig | 0.58 | 8.8 | 0.04 | Sep 3, 2021 | Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink | ||
| CVE-2021-30618 | Hig | 0.58 | 8.8 | 0.04 | Sep 3, 2021 | Chromium: CVE-2021-30618 Inappropriate implementation in DevTools | ||
| CVE-2021-30616 | Hig | 0.58 | 8.8 | 0.04 | Sep 3, 2021 | Chromium: CVE-2021-30616 Use after free in Media | ||
| CVE-2021-30614 | Hig | 0.58 | 8.8 | 0.04 | Sep 3, 2021 | Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip | ||
| CVE-2021-30613 | Hig | 0.58 | 8.8 | 0.04 | Sep 3, 2021 | Chromium: CVE-2021-30613 Use after free in Base internals | ||
| CVE-2021-30612 | Hig | 0.57 | 8.8 | 0.03 | Sep 3, 2021 | Chromium: CVE-2021-30612 Use after free in WebRTC | ||
| CVE-2021-30611 | Hig | 0.57 | 8.8 | 0.03 | Sep 3, 2021 | Chromium: CVE-2021-30611 Use after free in WebRTC | ||
| CVE-2021-30610 | Hig | 0.58 | 8.8 | 0.04 | Sep 3, 2021 | Chromium: CVE-2021-30610 Use after free in Extensions API | ||
| CVE-2021-30609 | Hig | 0.58 | 8.8 | 0.04 | Sep 3, 2021 | Chromium: CVE-2021-30609 Use after free in Sign-In | ||
| CVE-2021-30608 | Hig | 0.58 | 8.8 | 0.04 | Sep 3, 2021 | Chromium: CVE-2021-30608 Use after free in Web Share | ||
| CVE-2021-30607 | Hig | 0.58 | 8.8 | 0.04 | Sep 3, 2021 | Chromium: CVE-2021-30607 Use after free in Permissions | ||
| CVE-2021-30606 | Hig | 0.58 | 8.8 | 0.04 | Sep 3, 2021 | Chromium: CVE-2021-30606 Use after free in Blink | ||
| CVE-2021-23437 | — | Hig | 0.42 | 7.5 | 0.03 | Sep 3, 2021 | The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. | |
| CVE-2021-40490 | Hig | 0.00 | 7.0 | 0.00 | Sep 3, 2021 | A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. | ||
| CVE-2021-38312 | Hig | 0.46 | 7.1 | 0.01 | Sep 2, 2021 | The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The `permissions_callback`… | ||
| CVE-2021-36017 | Hig | 0.51 | 7.8 | 0.02 | Sep 2, 2021 | Adobe After Effects version 18.2.1 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.… | ||
| CVE-2021-35996 | Hig | 0.51 | 7.8 | 0.02 | Sep 2, 2021 | Adobe After Effects version 18.2.1 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.… | ||
| CVE-2021-35994 | Hig | 0.51 | 7.8 | 0.02 | Sep 2, 2021 | Adobe After Effects version 18.2.1 (and earlier) is affected by an out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.… | ||
| CVE-2021-35993 | Hig | 0.51 | 7.8 | 0.02 | Sep 2, 2021 | Adobe After Effects version 18.2.1 (and earlier) is affected by an out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.… | ||
| CVE-2021-28564 | Hig | 0.57 | 8.8 | 0.04 | Sep 2, 2021 | Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Write vulnerability within the ImageTool component. An unauthenticated attacker could leverage this vulnerability to… | ||
| CVE-2021-28561 | Hig | 0.57 | 8.8 | 0.03 | Sep 2, 2021 | Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in… | ||
| CVE-2021-28560 | Hig | 0.63 | 8.8 | 0.67 | Sep 2, 2021 | Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code… | ||
| CVE-2021-28558 | Hig | 0.58 | 8.8 | 0.10 | Sep 2, 2021 | Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Heap-based buffer overflow vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability… | ||
| CVE-2021-28553 | Hig | 0.57 | 8.8 | 0.04 | Sep 2, 2021 | Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in… | ||
| CVE-2021-28550 | Hig | 0.73 | 8.8 | 0.52 | KEV | Sep 2, 2021 | Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in… | |
| CVE-2021-22793 | Hig | 0.47 | 7.2 | 0.01 | Sep 2, 2021 | A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exist in AccuSine PCS+ / PFV+ (Versions prior to V1.6.7) and AccuSine PCSn (Versions prior to V2.2.4) that could allow an authenticated attacker to access the device via FTP protocol. | ||
| CVE-2021-22792 | Hig | 0.49 | 7.5 | 0.01 | Sep 2, 2021 | A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all… | ||
| CVE-2021-22775 | Hig | 0.51 | 7.8 | 0.00 | Sep 2, 2021 | A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP-Pro EX,V4.09.250 and prior, that could cause local code execution with elevated privileges when installing the software. | ||
| CVE-2020-13929 | Hig | 0.49 | 7.5 | 0.03 | Sep 2, 2021 | Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions. | ||
| CVE-2021-39187 | Hig | 0.42 | 7.5 | 0.02 | Sep 2, 2021 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes when if a query request contains an invalid value for the `explain` option. This is due to a bug in the MongoDB Node.js driver… | ||
| CVE-2021-21086 | Hig | 0.51 | 7.8 | 0.05 | Sep 2, 2021 | Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve… | ||
| CVE-2021-33938 | Hig | 0.49 | 7.5 | 0.01 | Sep 2, 2021 | Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | ||
| CVE-2021-33930 | Hig | 0.49 | 7.5 | 0.01 | Sep 2, 2021 | Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | ||
| CVE-2021-33929 | Hig | 0.49 | 7.5 | 0.01 | Sep 2, 2021 | Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | ||
| CVE-2021-33928 | Hig | 0.49 | 7.5 | 0.01 | Sep 2, 2021 | Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service. | ||
| CVE-2021-31796 | Hig | 0.49 | 7.5 | 0.02 | Sep 2, 2021 | An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually… | ||
| CVE-2021-39115 | Hig | 0.47 | 7.2 | 0.04 | Sep 1, 2021 | Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template… | ||
| CVE-2021-40387 | Hig | 0.57 | 8.8 | 0.02 | Sep 1, 2021 | An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is authenticated remote code execution. | ||
| CVE-2021-40385 | Hig | 0.57 | 8.8 | 0.01 | Sep 1, 2021 | An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is a privilege escalation from read-only user to admin. | ||
| CVE-2021-39181 | Hig | 0.00 | 8.8 | 0.02 | Sep 1, 2021 | OpenOlat is a web-based learning management system (LMS). Prior to version 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file (e.g. a course) any class on the Java classpath can be instantiated, including spring AOP bean factories. This can be used to execute code… | ||
| CVE-2020-20341 | Hig | 0.49 | 7.5 | 0.01 | Sep 1, 2021 | YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function. | ||
| CVE-2020-20340 | Hig | 0.49 | 7.5 | 0.01 | Sep 1, 2021 | A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information. | ||
| CVE-2021-30355 | Hig | 0.56 | 8.6 | 0.07 | Sep 1, 2021 | Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root. | ||
| CVE-2021-40382 | Hig | 0.54 | 7.5 | 0.23 | Sep 1, 2021 | An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. mjpegStreamer.cgi allows video screenshot access. | ||
| CVE-2021-40381 | Hig | 0.54 | 7.5 | 0.23 | Sep 1, 2021 | An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. index_MJpeg.cgi allows video access. | ||
| CVE-2021-40380 | Hig | 0.54 | 7.5 | 0.23 | Sep 1, 2021 | An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. cameralist.cgi and setcamera.cgi disclose credentials. | ||
| CVE-2021-40379 | Hig | 0.53 | 7.5 | 0.22 | Sep 1, 2021 | An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. rstp://.../medias2 does not require authorization. | ||
| CVE-2021-40378 | Hig | 0.57 | 8.1 | 0.15 | Sep 1, 2021 | An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killps.cgi deletes all data from the device. |
- risk 0.58cvss 8.8epss 0.04
Chromium: CVE-2021-30623 Use after free in Bookmarks
- risk 0.58cvss 8.8epss 0.04
Chromium: CVE-2021-30622 Use after free in WebApp Installs
- risk 0.58cvss 8.8epss 0.04
Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink
- risk 0.58cvss 8.8epss 0.04
Chromium: CVE-2021-30618 Inappropriate implementation in DevTools
- risk 0.58cvss 8.8epss 0.04
Chromium: CVE-2021-30616 Use after free in Media
- risk 0.58cvss 8.8epss 0.04
Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip
- risk 0.58cvss 8.8epss 0.04
Chromium: CVE-2021-30613 Use after free in Base internals
- risk 0.57cvss 8.8epss 0.03
Chromium: CVE-2021-30612 Use after free in WebRTC
- risk 0.57cvss 8.8epss 0.03
Chromium: CVE-2021-30611 Use after free in WebRTC
- risk 0.58cvss 8.8epss 0.04
Chromium: CVE-2021-30610 Use after free in Extensions API
- risk 0.58cvss 8.8epss 0.04
Chromium: CVE-2021-30609 Use after free in Sign-In
- risk 0.58cvss 8.8epss 0.04
Chromium: CVE-2021-30608 Use after free in Web Share
- risk 0.58cvss 8.8epss 0.04
Chromium: CVE-2021-30607 Use after free in Permissions
- risk 0.58cvss 8.8epss 0.04
Chromium: CVE-2021-30606 Use after free in Blink
- risk 0.42cvss 7.5epss 0.03
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
- risk 0.00cvss 7.0epss 0.00
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.
- risk 0.46cvss 7.1epss 0.01
The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The `permissions_callback`…
- risk 0.51cvss 7.8epss 0.02
Adobe After Effects version 18.2.1 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.…
- risk 0.51cvss 7.8epss 0.02
Adobe After Effects version 18.2.1 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.…
- risk 0.51cvss 7.8epss 0.02
Adobe After Effects version 18.2.1 (and earlier) is affected by an out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.…
- risk 0.51cvss 7.8epss 0.02
Adobe After Effects version 18.2.1 (and earlier) is affected by an out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.…
- risk 0.57cvss 8.8epss 0.04
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Write vulnerability within the ImageTool component. An unauthenticated attacker could leverage this vulnerability to…
- risk 0.57cvss 8.8epss 0.03
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…
- risk 0.63cvss 8.8epss 0.67
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code…
- risk 0.58cvss 8.8epss 0.10
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Heap-based buffer overflow vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability…
- risk 0.57cvss 8.8epss 0.04
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…
- risk 0.73cvss 8.8epss 0.52
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…
- risk 0.47cvss 7.2epss 0.01
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exist in AccuSine PCS+ / PFV+ (Versions prior to V1.6.7) and AccuSine PCSn (Versions prior to V2.2.4) that could allow an authenticated attacker to access the device via FTP protocol.
- risk 0.49cvss 7.5epss 0.01
A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all…
- risk 0.51cvss 7.8epss 0.00
A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP-Pro EX,V4.09.250 and prior, that could cause local code execution with elevated privileges when installing the software.
- risk 0.49cvss 7.5epss 0.03
Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.
- risk 0.42cvss 7.5epss 0.02
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes when if a query request contains an invalid value for the `explain` option. This is due to a bug in the MongoDB Node.js driver…
- risk 0.51cvss 7.8epss 0.05
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve…
- risk 0.49cvss 7.5epss 0.01
Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
- risk 0.49cvss 7.5epss 0.01
Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
- risk 0.49cvss 7.5epss 0.01
Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
- risk 0.49cvss 7.5epss 0.01
Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
- risk 0.49cvss 7.5epss 0.02
An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually…
- risk 0.47cvss 7.2epss 0.04
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template…
- risk 0.57cvss 8.8epss 0.02
An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is authenticated remote code execution.
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is a privilege escalation from read-only user to admin.
- risk 0.00cvss 8.8epss 0.02
OpenOlat is a web-based learning management system (LMS). Prior to version 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file (e.g. a course) any class on the Java classpath can be instantiated, including spring AOP bean factories. This can be used to execute code…
- risk 0.49cvss 7.5epss 0.01
YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function.
- risk 0.49cvss 7.5epss 0.01
A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information.
- risk 0.56cvss 8.6epss 0.07
Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root.
- risk 0.54cvss 7.5epss 0.23
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. mjpegStreamer.cgi allows video screenshot access.
- risk 0.54cvss 7.5epss 0.23
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. index_MJpeg.cgi allows video access.
- risk 0.54cvss 7.5epss 0.23
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. cameralist.cgi and setcamera.cgi disclose credentials.
- risk 0.53cvss 7.5epss 0.22
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. rstp://.../medias2 does not require authorization.
- risk 0.57cvss 8.1epss 0.15
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killps.cgi deletes all data from the device.