Total
34268 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-30653 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | 7.8 High |
| This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution. | ||||
| CVE-2021-30651 | 1 Broadcom | 1 Symantec Messaging Gateway | 2024-11-21 | 4.9 Medium |
| A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access. | ||||
| CVE-2021-30620 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2024-11-21 | 8.8 High |
| Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink | ||||
| CVE-2021-30618 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2024-11-21 | 8.8 High |
| Chromium: CVE-2021-30618 Inappropriate implementation in DevTools | ||||
| CVE-2021-30617 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2024-11-21 | 6.5 Medium |
| Chromium: CVE-2021-30617 Policy bypass in Blink | ||||
| CVE-2021-30615 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2024-11-21 | 6.5 Medium |
| Chromium: CVE-2021-30615 Cross-origin data leak in Navigation | ||||
| CVE-2021-30587 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 4.3 Medium |
| Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
| CVE-2021-30582 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2021-30502 | 1 Simple Glasgow Haskell Compiler Project | 1 Simple Glasgow Haskell Compiler | 2024-11-21 | 9.8 Critical |
| The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand. | ||||
| CVE-2021-30496 | 1 Telegram | 1 Telegram | 2024-11-21 | 5.7 Medium |
| The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. The crash occurs in MtProtoKitFramework. NOTE: the vendor's perspective is that "this behavior can't be considered a vulnerability." | ||||
| CVE-2021-30487 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 2.7 Low |
| In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation. | ||||
| CVE-2021-30480 | 3 Apple, Microsoft, Zoom | 3 Macos, Windows, Chat | 2024-11-21 | 8.5 High |
| Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat software, which is different from the chat feature of the Zoom Meetings and Zoom Video Webinars software. | ||||
| CVE-2021-30477 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to send messages to private streams that the user was not intended to be able to send messages to. | ||||
| CVE-2021-30476 | 1 Hashicorp | 1 Terraform Provider | 2024-11-21 | 9.8 Critical |
| HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Vault’s GCP auth method. Fixed in 2.19.1. | ||||
| CVE-2021-30356 | 1 Checkpoint | 1 Identity Agent | 2024-11-21 | 8.1 High |
| A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files. | ||||
| CVE-2021-30346 | 1 Qualcomm | 56 Ar8035, Ar8035 Firmware, Qca9984 and 53 more | 2024-11-21 | 6.5 Medium |
| RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | ||||
| CVE-2021-30345 | 1 Qualcomm | 56 Ar8035, Ar8035 Firmware, Qca9984 and 53 more | 2024-11-21 | 6.5 Medium |
| RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | ||||
| CVE-2021-30339 | 1 Qualcomm | 110 Ar8035, Ar8035 Firmware, Qca6391 and 107 more | 2024-11-21 | 9 Critical |
| Reading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | ||||
| CVE-2021-30281 | 1 Qualcomm | 294 Aqt1000, Aqt1000 Firmware, Ar8031 and 291 more | 2024-11-21 | 8.4 High |
| Possible unauthorized access to secure space due to improper check of data allowed while flashing the no access control device configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | ||||
| CVE-2021-30185 | 1 Cern | 1 Indico | 2024-11-21 | 7.5 High |
| CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link. | ||||