Search Results (80866 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-30509 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 8.8 High |
| Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page and a crafted Chrome extension. | ||||
| CVE-2021-30508 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 8.8 High |
| Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-30507 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2024-11-21 | 8.8 High |
| Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | ||||
| CVE-2021-30506 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2024-11-21 | 8.8 High |
| Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page via a crafted HTML page. | ||||
| CVE-2021-30504 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 7.5 High |
| In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of unbounded resource allocation. | ||||
| CVE-2021-30497 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 7.5 High |
| Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value. | ||||
| CVE-2021-30490 | 2 Microsoft, Power-software-download | 2 Windows, Viewpower | 2024-11-21 | 7.8 High |
| upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation. | ||||
| CVE-2021-30486 | 1 Sysaid | 1 Sysaid | 2024-11-21 | 8.8 High |
| SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1). | ||||
| CVE-2021-30482 | 1 Jetbrains | 1 Upsource | 2024-11-21 | 7.5 High |
| In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly. | ||||
| CVE-2021-30480 | 3 Apple, Microsoft, Zoom | 3 Macos, Windows, Chat | 2024-11-21 | 8.5 High |
| Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat software, which is different from the chat feature of the Zoom Meetings and Zoom Video Webinars software. | ||||
| CVE-2021-30472 | 1 Podofo Project | 1 Podofo | 2024-11-21 | 7.8 High |
| A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of an improper check of the keyLength value. | ||||
| CVE-2021-30468 | 3 Apache, Oracle, Redhat | 8 Cxf, Tomee, Business Intelligence and 5 more | 2024-11-21 | 7.5 High |
| A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11. | ||||
| CVE-2021-30465 | 3 Fedoraproject, Linuxfoundation, Redhat | 6 Fedora, Runc, Enterprise Linux and 3 more | 2024-11-21 | 8.5 High |
| runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition. | ||||
| CVE-2021-30464 | 1 Omicronenergy | 1 Stationguard | 2024-11-21 | 7.5 High |
| OMICRON StationGuard before 1.10 allows remote attackers to cause a denial of service (connectivity outage) via crafted tcp/20499 packets to the CTRL Ethernet port. | ||||
| CVE-2021-30463 | 1 Vestacp | 1 Control Panel | 2024-11-21 | 7.8 High |
| VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a /reset/?action=confirm&user=admin&code= URI. This occurs because chmod is used unsafely. | ||||
| CVE-2021-30462 | 1 Vestacp | 1 Vesta Control Panel | 2024-11-21 | 7.2 High |
| VestaCP through 0.9.8-24 allows the admin user to escalate privileges to root because the Sudo configuration does not require a password to run /usr/local/vesta/bin scripts. | ||||
| CVE-2021-30360 | 1 Checkpoint | 1 Endpoint Security | 2024-11-21 | 7.8 High |
| Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges. | ||||
| CVE-2021-30359 | 2 Checkpoint, Microsoft | 3 Harmony Browse, Sandblast Agent For Browsers, Windows | 2024-11-21 | 7.8 High |
| The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation repair and place a specially crafted binary in the repair folder, which runs with the admin privileges. | ||||
| CVE-2021-30358 | 1 Checkpoint | 1 Mobile Access Portal Agent | 2024-11-21 | 7.2 High |
| Mobile Access Portal Native Applications whose path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent. | ||||
| CVE-2021-30356 | 1 Checkpoint | 1 Identity Agent | 2024-11-21 | 8.1 High |
| A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files. | ||||