Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-28603 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-08-31 | 9.3 HIGH | 7.8 HIGH | Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2020-18773 | 1 Exiv2 | 1 Exiv2 | 2021-08-31 | 4.3 MEDIUM | 6.5 MEDIUM | An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. |
| CVE-2020-18774 | 1 Exiv2 | 1 Exiv2 | 2021-08-31 | 4.3 MEDIUM | 6.5 MEDIUM | A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. |
| CVE-2021-28601 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-08-31 | 4.3 MEDIUM | 5.5 MEDIUM | Adobe After Effects version 18.2 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2021-28600 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-08-31 | 4.3 MEDIUM | 5.5 MEDIUM | Adobe After Effects version 18.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2021-34823 | 1 On24 | 1 Screenshare | 2021-08-31 | 6.4 MEDIUM | 9.1 CRITICAL | The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it triggers a code path that will download a configuration file from a specified remote machine over HTTP. There is an XXE flaw in processing of this configuration file that allows reading local (to macOS) files and uploading them to remote machines. |
| CVE-2021-28618 | 2 Adobe, Microsoft | 2 Animate, Windows | 2021-08-31 | 4.3 MEDIUM | 5.5 MEDIUM | Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2021-28617 | 2 Adobe, Microsoft | 2 Animate, Windows | 2021-08-31 | 4.3 MEDIUM | 5.5 MEDIUM | Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| CVE-2020-18776 | 1 Libav | 1 Libav | 2021-08-31 | 4.3 MEDIUM | 6.5 MEDIUM | In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file. |
| CVE-2021-39376 | 1 Philips | 1 Tasy Electronic Medical Record | 2021-08-31 | 6.5 MEDIUM | 8.8 HIGH | Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter. |
| CVE-2021-37538 | 1 Smartdatasoft | 1 Smartblog | 2021-08-31 | 7.5 HIGH | 9.8 CRITICAL | Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year parameter to the controllers/front/archive.php archive controller, or the id_category parameter to the controllers/front/category.php category controller. |
| CVE-2021-38612 | 1 Nascent | 1 Remkon Device Manager | 2021-08-31 | 5.0 MEDIUM | 7.5 HIGH | In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulnerability in a log-reading function in maintenance/readLog.php allows an attacker to read any file via a specialized URL. |
| CVE-2021-38611 | 1 Nascent | 1 Remkon Device Manager | 2021-08-31 | 10.0 HIGH | 9.8 CRITICAL | A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php. |
| CVE-2021-33191 | 1 Apache | 1 Nifi Minifi C++ | 2021-08-31 | 7.5 HIGH | 9.8 CRITICAL | From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" command. Said command is then executed using the same privileges as the application binary. This was addressed in version 0.10.0. |
| CVE-2021-26040 | 1 Joomla | 1 Joomla! | 2021-08-30 | 6.4 MEDIUM | 9.1 CRITICAL | An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's permissions before executing a file deletion command. |
| CVE-2021-36385 | 1 Cerner | 1 Mobile Care | 2021-08-30 | 10.0 HIGH | 9.8 CRITICAL | A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe (aka U+FF07) in the default.aspx User ID field. Arbitrary system commands can be executed through the use of xp_cmdshell. |
| CVE-2021-23432 | 1 Mootools Project | 1 Mootools | 2021-08-30 | 7.5 HIGH | 9.8 CRITICAL | This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge(). |
| CVE-2021-23431 | 1 Joplinapp | 1 Joplin | 2021-08-30 | 6.8 MEDIUM | 8.8 HIGH | The package joplin before 2.3.2 is vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms. |
| CVE-2021-23430 | 1 Startserver Project | 1 Startserver | 2021-08-30 | 5.0 MEDIUM | 7.5 HIGH | All versions of package startserver are vulnerable to Directory Traversal due to missing sanitization. |
| CVE-2021-23429 | 1 Transpile Project | 1 Transpile | 2021-08-30 | 5.0 MEDIUM | 7.5 HIGH | All versions of package transpile are vulnerable to Denial of Service (DoS) due to a lack of input sanitization or whitelisting, coupled with improper exception handling in the .to() function. |
