Search Results (363801 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-30517 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30516 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Heap buffer overflow in History in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30515 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Use after free in File API in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30514 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30513 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30512 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Use after free in Notifications in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30511 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.1 High
Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.
CVE-2021-30510 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30509 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page and a crafted Chrome extension.
CVE-2021-30508 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30507 2 Fedoraproject, Google 3 Fedora, Android, Chrome 2024-11-21 8.8 High
Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
CVE-2021-30506 2 Fedoraproject, Google 3 Fedora, Android, Chrome 2024-11-21 8.8 High
Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page via a crafted HTML page.
CVE-2021-30504 1 Jetbrains 1 Intellij Idea 2024-11-21 7.5 High
In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of unbounded resource allocation.
CVE-2021-30503 1 Glsl Linting Project 1 Glsl Linting 2024-11-21 9.8 Critical
The unofficial GLSL Linting extension before 1.4.0 for Visual Studio Code allows remote code execution via a crafted glslangValidatorPath in the workspace configuration.
CVE-2021-30502 1 Simple Glasgow Haskell Compiler Project 1 Simple Glasgow Haskell Compiler 2024-11-21 9.8 Critical
The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand.
CVE-2021-30497 1 Ivanti 1 Avalanche 2024-11-21 7.5 High
Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value.
CVE-2021-30496 1 Telegram 1 Telegram 2024-11-21 5.7 Medium
The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. The crash occurs in MtProtoKitFramework. NOTE: the vendor's perspective is that "this behavior can't be considered a vulnerability."
CVE-2021-30494 1 Razer 1 Synapse 2024-11-21 5.5 Medium
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other words, an attacker can create a file in an unintended directory (with some limitations).
CVE-2021-30493 1 Razer 1 Synapse 2024-11-21 5.5 Medium
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other words, an attacker can create a file in an unintended directory (with some limitations).
CVE-2021-30490 2 Microsoft, Power-software-download 2 Windows, Viewpower 2024-11-21 7.8 High
upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation.