Search Results (363290 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-30502 1 Simple Glasgow Haskell Compiler Project 1 Simple Glasgow Haskell Compiler 2024-11-21 9.8 Critical
The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand.
CVE-2021-30497 1 Ivanti 1 Avalanche 2024-11-21 7.5 High
Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value.
CVE-2021-30496 1 Telegram 1 Telegram 2024-11-21 5.7 Medium
The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. The crash occurs in MtProtoKitFramework. NOTE: the vendor's perspective is that "this behavior can't be considered a vulnerability."
CVE-2021-30494 1 Razer 1 Synapse 2024-11-21 5.5 Medium
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other words, an attacker can create a file in an unintended directory (with some limitations).
CVE-2021-30493 1 Razer 1 Synapse 2024-11-21 5.5 Medium
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other words, an attacker can create a file in an unintended directory (with some limitations).
CVE-2021-30490 2 Microsoft, Power-software-download 2 Windows, Viewpower 2024-11-21 7.8 High
upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation.
CVE-2021-30487 1 Zulip 1 Zulip Server 2024-11-21 2.7 Low
In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation.
CVE-2021-30486 1 Sysaid 1 Sysaid 2024-11-21 8.8 High
SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1).
CVE-2021-30485 2 Debian, Ezxml Project 2 Debian Linux, Ezxml 2024-11-21 6.5 Medium
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
CVE-2021-30483 2 Isomorphic-git, Redhat 3 Isomorphic-git, Rhev Hypervisor, Rhev Manager 2024-11-21 5.3 Medium
isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository.
CVE-2021-30482 1 Jetbrains 1 Upsource 2024-11-21 7.5 High
In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly
CVE-2021-30480 3 Apple, Microsoft, Zoom 3 Macos, Windows, Chat 2024-11-21 8.5 High
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat software, which is different from the chat feature of the Zoom Meetings and Zoom Video Webinars software.
CVE-2021-30479 1 Zulip 1 Zulip Server 2024-11-21 5.3 Medium
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization.
CVE-2021-30478 1 Zulip 1 Zulip Server 2024-11-21 4.3 Medium
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same Zulip installation.
CVE-2021-30477 1 Zulip 1 Zulip Server 2024-11-21 4.3 Medium
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to send messages to private streams that the user was not intended to be able to send messages to.
CVE-2021-30476 1 Hashicorp 1 Terraform Provider 2024-11-21 9.8 Critical
HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Vault’s GCP auth method. Fixed in 2.19.1.
CVE-2021-30475 2 Aomedia, Fedoraproject 2 Aomedia, Fedora 2024-11-21 9.8 Critical
aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.
CVE-2021-30474 1 Aomedia 1 Aomedia 2024-11-21 9.8 Critical
aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free.
CVE-2021-30473 2 Aomedia, Fedoraproject 2 Aomedia, Fedora 2024-11-21 9.8 Critical
aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.
CVE-2021-30472 1 Podofo Project 1 Podofo 2024-11-21 7.8 High
A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.