Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1859 | 1 Apple | 1 Macos | 2021-09-17 | 7.8 HIGH | 7.5 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. Locked Notes content may have been unexpectedly unlocked. | |||||
| CVE-2016-6185 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2021-09-17 | 4.6 MEDIUM | 7.8 HIGH |
| The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. | |||||
| CVE-2021-30706 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2021-09-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| Processing a maliciously crafted image may lead to disclosure of user information. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. This issue was addressed with improved checks. | |||||
| CVE-2021-30678 | 1 Apple | 2 Mac Os X, Macos | 2021-09-17 | 7.5 HIGH | 9.8 CRITICAL |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2021-30664 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2021-09-17 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution. | |||||
| CVE-2014-8152 | 1 Apache | 1 Santuario Xml Security For Java | 2021-09-17 | 5.0 MEDIUM | N/A |
| Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document. | |||||
| CVE-2013-4517 | 1 Apache | 1 Xml Security For Java | 2021-09-17 | 4.3 MEDIUM | N/A |
| Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures. | |||||
| CVE-2013-2156 | 1 Apache | 1 Xml Security For C\+\+ | 2021-09-17 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PrefixList attribute. | |||||
| CVE-2013-2155 | 1 Apache | 1 Xml Security For C\+\+ | 2021-09-17 | 5.8 MEDIUM | N/A |
| Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the (1) compareBase64StringToRaw, (2) DSIGAlgorithmHandlerDefault, or (3) DSIGAlgorithmHandlerDefault::verify functions. | |||||
| CVE-2013-2154 | 1 Apache | 1 Xml Security For C\+\+ | 2021-09-17 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions, probably related to the DSIGReference::getURIBaseTXFM function. | |||||
| CVE-2013-2153 | 1 Apache | 1 Xml Security For C\+\+ | 2021-09-17 | 4.3 MEDIUM | N/A |
| The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka "XML Signature Bypass issue." | |||||
| CVE-2013-0021 | 1 Microsoft | 1 Internet Explorer | 2021-09-17 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer vtable Use After Free Vulnerability." | |||||
| CVE-2021-30663 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2021-09-16 | 6.8 MEDIUM | 8.8 HIGH |
| An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2021-1875 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-16 | 6.8 MEDIUM | 7.8 HIGH |
| A double free issue was addressed with improved memory management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted file may lead to heap corruption. | |||||
| CVE-2021-1865 | 1 Apple | 2 Ipados, Iphone Os | 2021-09-16 | 4.3 MEDIUM | 5.0 MEDIUM |
| An issue obscuring passwords in screenshots was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible on screen. | |||||
| CVE-2021-30676 | 1 Apple | 2 Mac Os X, Macos | 2021-09-16 | 6.6 MEDIUM | 7.1 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A local user may be able to cause unexpected system termination or read kernel memory. | |||||
| CVE-2021-30707 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2021-09-16 | 6.8 MEDIUM | 8.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted audio file may lead to arbitrary code execution. | |||||
| CVE-2021-30708 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2021-09-16 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | |||||
| CVE-2021-1864 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2021-09-16 | 7.5 HIGH | 9.8 CRITICAL |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code. | |||||
| CVE-2021-30710 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-16 | 5.8 MEDIUM | 7.1 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may cause a denial of service or potentially disclose memory contents. | |||||