Search Results (363530 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-40723 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-11-21 5.5 Medium
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-40722 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 9.8 Critical
AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE.
CVE-2021-40720 1 Adobe 1 Ops-cli 2024-11-21 9.8 Critical
Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkout_repo function is called on a maliciously crafted file. An attacker can leverage this to execute arbitrary code on the victim machine.
CVE-2021-40715 2 Adobe, Microsoft 2 Premiere Pro, Windows 2024-11-21 7.8 High
Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .exr file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
CVE-2021-40710 2 Adobe, Microsoft 2 Premiere Pro, Windows 2024-11-21 N/A
Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
CVE-2021-40708 3 Adobe, Apple, Microsoft 3 Genuine Service, Macos, Windows 2024-11-21 7.3 High
Adobe Genuine Service versions 7.3 (and earlier) are affected by a privilege escalation vulnerability in the AGSService installer. An authenticated attacker could leverage this vulnerability to achieve read / write privileges to execute arbitrary code. User interaction is required to abuse this vulnerability.
CVE-2021-40703 3 Adobe, Apple, Microsoft 3 Premiere Elements, Macos, Windows 2024-11-21 N/A
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
CVE-2021-40702 3 Adobe, Apple, Microsoft 3 Premiere Elements, Macos, Windows 2024-11-21 N/A
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious psd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
CVE-2021-40701 3 Adobe, Apple, Microsoft 3 Premiere Elements, Macos, Windows 2024-11-21 N/A
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
CVE-2021-40700 3 Adobe, Apple, Microsoft 3 Premiere Elements, Macos, Windows 2024-11-21 N/A
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
CVE-2021-40699 1 Adobe 1 Coldfusion 2024-11-21 7.4 High
ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an improper access control vulnerability when checking permissions in the CFIDE path. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.
CVE-2021-40698 1 Adobe 1 Coldfusion 2024-11-21 7.4 High
ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass  . An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.
CVE-2021-40695 1 Moodle 1 Moodle 2024-11-21 4.3 Medium
It was possible for a student to view their quiz grade before it had been released, using a quiz web service.
CVE-2021-40694 1 Moodle 1 Moodle 2024-11-21 4.9 Medium
Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account.
CVE-2021-40693 1 Moodle 1 Moodle 2024-11-21 6.5 Medium
An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability.
CVE-2021-40692 1 Moodle 1 Moodle 2024-11-21 4.3 Medium
Insufficient capability checks made it possible for teachers to download users outside of their courses.
CVE-2021-40691 1 Moodle 1 Moodle 2024-11-21 4.3 Medium
A session hijack risk was identified in the Shibboleth authentication plugin.
CVE-2021-40690 4 Apache, Debian, Oracle and 1 more 27 Cxf, Santuario Xml Security For Java, Tomee and 24 more 2024-11-21 7.5 High
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
CVE-2021-40684 1 Talend 1 Esb Runtime 2024-11-21 9.1 Critical
Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container.
CVE-2021-40683 2 Akamai, Microsoft 2 Enterprise Application Access, Windows 2024-11-21 7.8 High
In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution.