Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 22706 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-34478 1 Microsoft 2 365 Apps, Office 2021-09-21 6.8 MEDIUM 7.8 HIGH
Microsoft Office Remote Code Execution Vulnerability
CVE-2021-37847 1 Pengutronix 1 Barebox 2021-09-21 5.0 MEDIUM 7.5 HIGH
crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification.
CVE-2021-29376 2 Debian, Eterna 2 Debian Linux, Ircii 2021-09-21 5.0 MEDIUM 7.5 HIGH
ircII before 20210314 allows remote attackers to cause a denial of service (segmentation fault and client crash, disconnecting the victim from an IRC server) via a crafted CTCP UTC message.
CVE-2021-30480 3 Apple, Microsoft, Zoom 3 Macos, Windows, Chat 2021-09-21 9.0 HIGH 8.8 HIGH
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat software, which is different from the chat feature of the Zoom Meetings and Zoom Video Webinars software.
CVE-2021-32198 1 Emtec 1 Zoc 2021-09-21 7.5 HIGH 9.8 CRITICAL
EmTec ZOC through 8.02.4 allows remote servers to cause a denial of service (Windows GUI hang) by telling the ZOC window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. In other words, it does not implement a usleep or similar delay upon processing a title change.
CVE-2021-28693 1 Xen 1 Xen 2021-09-21 2.1 LOW 5.5 MEDIUM
xen/arm: Boot modules are not scrubbed. The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the allocator. Unfortunately, it was discovered that modules will not be scrubbed on Arm.
CVE-2021-31530 1 Zohocorp 1 Manageengine Servicedesk Plus Msp 2021-09-21 5.0 MEDIUM 7.5 HIGH
Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure.
CVE-2021-28690 1 Xen 1 Xen 2021-09-21 4.0 MEDIUM 6.5 MEDIUM
x86: TSX Async Abort protections not restored after S3. This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend.
CVE-2021-30757 1 Apple 1 Imovie 2021-09-21 4.3 MEDIUM 5.5 MEDIUM
This issue was addressed by enabling hardened runtime. This issue is fixed in iMovie 10.2.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.
CVE-2021-1812 1 Apple 2 Ipados, Iphone Os 2021-09-21 9.3 HIGH 7.8 HIGH
A logic issue was addressed with improved validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to execute arbitrary code with system privileges.
CVE-2021-30804 1 Apple 1 Iphone Os 2021-09-21 4.3 MEDIUM 3.3 LOW
A permissions issue was addressed with improved validation. This issue is fixed in iOS 14.7. A malicious application may be able to access Find My data.
CVE-2021-1814 1 Apple 2 Macos, Watchos 2021-09-21 6.8 MEDIUM 7.8 HIGH
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, watchOS 7.4. Processing a maliciously crafted image may lead to arbitrary code execution.
CVE-2020-27940 1 Apple 1 Apple Tv 2021-09-21 4.0 MEDIUM 4.3 MEDIUM
This issue was addressed with improved file handling. This issue is fixed in Apple TV app for Fire OS 6.1.0.6A142:7.1.0. An attacker with file system access may modify scripts used by the app.
CVE-2021-30800 1 Apple 1 Iphone Os 2021-09-21 5.8 MEDIUM 8.8 HIGH
This issue was addressed with improved checks. This issue is fixed in iOS 14.7. Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution.
CVE-2021-1872 1 Apple 3 Ipados, Iphone Os, Macos 2021-09-20 4.3 MEDIUM 4.3 MEDIUM
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. Muting a CallKit call while ringing may not result in mute being enabled.
CVE-2021-1874 1 Apple 2 Ipados, Iphone Os 2021-09-20 9.3 HIGH 8.8 HIGH
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may be able to execute arbitrary code with kernel privileges.
CVE-2021-35525 1 Postsrsd Project 1 Postsrsd 2021-09-20 5.0 MEDIUM 5.3 MEDIUM
PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger this condition by an external attacker, but it is a security bug in PostSRSd nevertheless."
CVE-2021-30655 1 Apple 2 Mac Os X, Macos 2021-09-20 10.0 HIGH 9.8 CRITICAL
An application may be able to execute arbitrary code with system privileges. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. The issue was addressed with improved permissions logic.
CVE-2020-27511 1 Prototypejs 1 Prototype 2021-09-20 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags.
CVE-2021-30679 1 Apple 2 Mac Os X, Macos 2021-09-20 6.8 MEDIUM 7.8 HIGH
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An application may be able to gain elevated privileges.