Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30521 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2021-12-01 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2021-30529 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-01 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30528 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2021-12-01 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-7880 | 2 Douzone, Microsoft | 2 Neors, Windows | 2021-12-01 | 9.3 HIGH | 8.8 HIGH |
| The vulnerabilty was discovered in ActiveX module related to NeoRS remote support program. This issue allows an remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX. | |||||
| CVE-2018-25015 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2021-12-01 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off, aka CID-a0ff660058b8. | |||||
| CVE-2020-7879 | 1 Iptime | 2 C200, C200 Firmware | 2021-12-01 | 6.8 MEDIUM | 9.8 CRITICAL |
| This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie('[COOKIE]') . The value is transferred to the --header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command. | |||||
| CVE-2021-3769 | 1 Planetargon | 1 Oh My Zsh | 2021-12-01 | 10.0 HIGH | 9.8 CRITICAL |
| # Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability can be exploited. **Fixed in**: [b3ba9978](https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978). **Impacted areas**: - `pygmalion` theme. - `pygmalion-virtualenv` theme. - `refined` theme. | |||||
| CVE-2021-30518 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-01 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30520 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-01 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-26612 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2021-12-01 | 7.5 HIGH | 9.8 CRITICAL |
| An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Remote attackers use copy method to execute arbitrary command after the file creation included malicious code. | |||||
| CVE-2021-43783 | 1 Backstage | 1 Backstage | 2021-12-01 | 5.5 MEDIUM | 8.5 HIGH |
| @backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend host instance. This vulnerability can in some situation also be exploited through user input when executing a template, meaning you do not need write access to the templates. This method will not allow the attacker to control the contents of the injected file however, unless the template is also crafted in a specific way that gives control of the file contents. This vulnerability is fixed in version `0.15.14` of the `@backstage/plugin-scaffolder-backend`. This attack is mitigated by restricting access and requiring reviews when registering or modifying scaffolder templates. | |||||
| CVE-2021-30519 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-01 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Payments in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious payments app to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30539 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-01 | 5.8 MEDIUM | 5.4 MEDIUM |
| Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2021-30537 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page. | |||||
| CVE-2021-30535 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-01 | 6.8 MEDIUM | 8.8 HIGH |
| Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30534 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2021-30533 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe. | |||||
| CVE-2020-6332 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-12-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2020-6331 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-12-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2020-6330 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-12-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||