Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1851 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-20 | 9.3 HIGH | 8.8 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-1872 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2021-09-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. Muting a CallKit call while ringing may not result in mute being enabled. | |||||
| CVE-2021-1874 | 1 Apple | 2 Ipados, Iphone Os | 2021-09-20 | 9.3 HIGH | 8.8 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-34394 | 1 Nvidia | 9 Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb, Jetson Agx Xavier 8gb and 6 more | 2021-09-20 | 4.6 MEDIUM | 6.7 MEDIUM |
| Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to cause the buffer overflow, which may lead to information disclosure and data modification. | |||||
| CVE-2021-34391 | 1 Nvidia | 2 Jetson Linux, Jetson Tx1 | 2021-09-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| Trusty contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow through a specific SMC call that is triggered by the user, which may lead to denial of service. | |||||
| CVE-2021-34390 | 1 Nvidia | 2 Jetson Linux, Jetson Tx1 | 2021-09-20 | 2.1 LOW | 5.5 MEDIUM |
| Trusty contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow through a specific SMC call that is triggered by the user, which may lead to denial of service. | |||||
| CVE-2021-35331 | 1 Tcl | 1 Tcl | 2021-09-20 | 6.8 MEDIUM | 7.8 HIGH |
| ** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding. | |||||
| CVE-2021-35209 | 1 Zimbra | 1 Collaboration | 2021-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not checked against the whitelist of hosts Zimbra is allowed to proxy to (the zimbraProxyAllowedDomains setting). | |||||
| CVE-2021-30557 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-09-20 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30556 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-09-20 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30555 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-09-20 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture. | |||||
| CVE-2021-30554 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-09-20 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-35474 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2021-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | |||||
| CVE-2021-32567 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2021-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | |||||
| CVE-2021-32566 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2021-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | |||||
| CVE-2021-34550 | 1 Torproject | 1 Tor | 2021-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor | |||||
| CVE-2021-32565 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2021-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | |||||
| CVE-2021-27577 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2021-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | |||||
| CVE-2021-32722 | 1 Miraheze | 1 Globalnewfiles | 2021-09-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| GlobalNewFiles is a mediawiki extension. Versions prior to 48be7adb70568e20e961ea1cb70904454a671b1d are affected by an uncontrolled resource consumption vulnerability. A large amount of page moves within a short space of time could overwhelm Database servers due to improper handling of load balancing and a lack of an appropriate index. As a workaround, one may avoid use of the extension unless additional rate limit at the MediaWiki level or via PoolCounter / MySQL is enabled. A patch is available in version 48be7adb70568e20e961ea1cb70904454a671b1d. | |||||
| CVE-2021-35525 | 1 Postsrsd Project | 1 Postsrsd | 2021-09-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger this condition by an external attacker, but it is a security bug in PostSRSd nevertheless." | |||||