Vulnerability Disclosures

• • CVE-2021-28639: Adobe Acrobat Reader DC Remote Code Execution Vulnerability     A use after free due to incorrect handling of objects in memory exists in AcroRd32.dll version 21.005.20048.43252, a core component of Acrobat Reader version 2021.005.20048.
      Published Aug, 2021 - CVSS3.1: 9.6, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. Discovered by glitchnsec
       • CWE-416,

• • CVE-2021-34529: Visual Studio Code Remote Code Execution Vulnerability     Visual Studio Code prior to 1.58.1 fails to warn users of potentially dangerous actions involving untrusted and possibly remote projects/workspaces.
      Published Aug, 2021 - CVSS3.1: 9.6, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. Discovered by glitchnsec
       • CWE-356,

• • CVE-2021-28472: Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability     A command injection due to improper validation of user input exists in the Maven for Java Extension prior to 0.29.0.
      Published Aug, 2021 - CVSS3.1: 9.6, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. Discovered by glitchnsec
       • CWE-15, CWE-78,

• • CVE-2021-30638: Apache Tapestry ContextAssetRequestHandler Information Disclosure     An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later
      Published Apr, 2021 - CVSS3.1: 8.6, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N. Discovered by glitchnsec
       • CWE-200,

subscribe via RSS