Zoom Client < 5.8.4 Multiple Vulnerabilities (ZSB-21019, ZSB-21020) - Windows

The Zoom Client is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Zoom Client < 5.8.4 Multiple Vulnerabilities (ZSB-21019, ZSB-21020) - Linux

The Zoom Client is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Zoom Client < 5.8.4 Multiple Vulnerabilities (ZSB-21019, ZSB-21020) - Mac OS X

The Zoom Client is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2021-34424

A vulnerability was discovered in the Zoom Client for Meetings for Android, iOS, Linux, macOS, and Windows before version 5.8.4, Zoom Client for Meetings for Blackberry for Android and iOS before version 5.8.1, Zoom Client for Meetings for intune for Android and iOS before version 5.8.4, Zoom...

CVE-2021-34424

A vulnerability was discovered in the Zoom Client for Meetings for Android, iOS, Linux, macOS, and Windows before version 5.8.4, Zoom Client for Meetings for Blackberry for Android and iOS before version 5.8.1, Zoom Client for Meetings for intune for Android and iOS before version 5.8.4, Zoom...

CVE-2021-34424

The CVE-2021-34424 entry concerns Zoom products (client and MMR servers) prior to versions around 5.8.x with a memory exposure/info-leak in deserialized data (ssb::variant_t) that could reveal heap/pointer data. The connected sources confirm the vulnerability’s existence, affected components, and...

CVE-2021-34424 Process memory exposure in Zoom Client and other products

A vulnerability was discovered in the Zoom Client for Meetings for Android, iOS, Linux, macOS, and Windows before version 5.8.4, Zoom Client for Meetings for Blackberry for Android and iOS before version 5.8.1, Zoom Client for Meetings for intune for Android and iOS before version 5.8.4, Zoom...

CVE-2021-22563

Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector when rendering splines. The OOB read access can either lead to a segfault, or rendering splines based on other process memory. It is recommended to upgrade past 0.6.0 or patch with...

CVE-2021-30831

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted font may result in the disclosure of process memory...

Input validation

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted font may result in the disclosure of process memory...

CVE-2021-30831

CVE-2021-30831 concerns Apple’s FontParser, where processing a maliciously crafted font could cause an out-of-bounds read leading to disclosure of process memory. The connected Apple Watch content explicitly ties this CVE to FontParser and notes the underlying issue as an out-of-bounds read addre...

CVE-2021-30831

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted font may result in the disclosure of process memory...

NewStart CGSL CORE 5.05 / MAIN 5.05 : webkitgtk4 Multiple Vulnerabilities (NS-SA-2021-0166)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has webkitgtk4 packages installed that are affected by multiple vulnerabilities: - WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS,...

EulerOS 2.0 SP3 : python-jinja2 (EulerOS-SA-2021-2609)

According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the punctuationre regex operator an...

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2569)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version 5.11-rc4...

Design/Logic Flaw

Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

Google Chrome < 94.0.4606.71 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 94.0.4606.71. It is, therefore, affected by multiple vulnerabilities as referenced in the 202109stable-channel-update-for-desktop30 advisory. - Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remot...

CVE-2021-1820

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory...

UBUNTU-CVE-2021-1820

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory...

Design/Logic Flaw

A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciousl...