| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-32808 | Hig | 0.49 | 7.6 | 0.01 | Aug 12, 2021 | ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could… | ||
| CVE-2021-38604 | Hig | 0.49 | 7.5 | 0.03 | Aug 12, 2021 | In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix. | ||
| CVE-2021-38599 | — | Hig | 0.42 | 7.5 | 0.01 | Aug 12, 2021 | WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user… | |
| CVE-2021-38291 | Hig | 0.49 | 7.5 | 0.03 | Aug 12, 2021 | FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. | ||
| CVE-2021-27794 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2021 | A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST. | ||
| CVE-2021-27792 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2021 | The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP… | ||
| CVE-2021-27790 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2021 | The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution… | ||
| CVE-2020-20981 | Hig | 0.49 | 7.5 | 0.01 | Aug 12, 2021 | A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information. | ||
| CVE-2021-38088 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2021 | Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking. | ||
| CVE-2021-38086 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2021 | Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking. | ||
| CVE-2021-37841 | Hig | 0.51 | 7.8 | 0.01 | Aug 12, 2021 | Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads… | ||
| CVE-2020-24576 | Hig | 0.57 | 8.8 | 0.02 | Aug 12, 2021 | Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITY\SYSTEM. | ||
| CVE-2021-38593 | — | Hig | 0.00 | 7.5 | 0.03 | Aug 12, 2021 | Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). | |
| CVE-2021-38592 | Hig | 0.49 | 7.5 | 0.01 | Aug 12, 2021 | Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from EvaluateExpression and m3_LoadModule). | ||
| CVE-2021-38589 | Hig | 0.53 | 8.1 | 0.01 | Aug 11, 2021 | In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588). | ||
| CVE-2021-38588 | Hig | 0.53 | 8.1 | 0.00 | Aug 11, 2021 | In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587). | ||
| CVE-2021-38587 | Hig | 0.49 | 7.5 | 0.01 | Aug 11, 2021 | In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586). | ||
| CVE-2021-38585 | Hig | 0.47 | 7.2 | 0.01 | Aug 11, 2021 | The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585). | ||
| CVE-2021-38584 | Hig | 0.47 | 7.2 | 0.01 | Aug 11, 2021 | The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585). | ||
| CVE-2021-37697 | Hig | 0.00 | 7.1 | 0.01 | Aug 11, 2021 | tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific membership event message. Issue is patched in commit… | ||
| CVE-2021-37696 | Hig | 0.00 | 7.1 | 0.01 | Aug 11, 2021 | tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific MassDM message. Issue is patched in commit 92325be650a6c17940cc52611797533ed95dbbe1.… | ||
| CVE-2021-37627 | Hig | 0.52 | 8.0 | 0.01 | Aug 11, 2021 | Contao is an open source CMS that allows creation of websites and scalable web applications. In affected versions it is possible to gain privileged rights in the Contao back end. Installations are only affected if they have untrusted back end users who have access to the form… | ||
| CVE-2021-37626 | Hig | 0.47 | 7.2 | 0.01 | Aug 11, 2021 | Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the… | ||
| CVE-2021-36770 | Hig | 0.00 | 7.8 | 0.01 | Aug 11, 2021 | Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021… | ||
| CVE-2021-38571 | Hig | 0.51 | 7.8 | 0.01 | Aug 11, 2021 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows DLL hijacking, aka CNVD-C-2021-68000 and CNVD-C-2021-68502. | ||
| CVE-2021-38569 | Hig | 0.49 | 7.5 | 0.01 | Aug 11, 2021 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects. | ||
| CVE-2021-38567 | Hig | 0.49 | 7.5 | 0.01 | Aug 11, 2021 | An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Reader before 11.0.1 on macOS. It mishandles missing dictionary entries, leading to a NULL pointer dereference, aka CNVD-C-2021-95204. | ||
| CVE-2021-38566 | Hig | 0.49 | 7.5 | 0.01 | Aug 11, 2021 | An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows stack consumption during recursive processing of embedded XML nodes. | ||
| CVE-2021-38565 | Hig | 0.49 | 7.5 | 0.01 | Aug 11, 2021 | An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows writing to arbitrary files via submitForm. | ||
| CVE-2021-1110 | Hig | 0.46 | 7.1 | 0.00 | Aug 11, 2021 | NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerability in camera firmware where a user can change input data after validation, which may lead to complete denial of service and serious data corruption of all kernel components. | ||
| CVE-2021-1109 | Hig | 0.47 | 7.2 | 0.00 | Aug 11, 2021 | NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams. | ||
| CVE-2021-1108 | Hig | 0.47 | 7.3 | 0.00 | Aug 11, 2021 | NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system. | ||
| CVE-2021-1107 | Hig | 0.51 | 7.8 | 0.00 | Aug 11, 2021 | NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components. | ||
| CVE-2021-1106 | Hig | 0.51 | 7.8 | 0.00 | Aug 11, 2021 | NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data tampering of all processes on… | ||
| CVE-2020-25564 | Hig | 0.57 | 8.8 | 0.01 | Aug 11, 2021 | In SapphireIMS 5.0, it is possible to create local administrator on any client with credentials of a non-privileged user by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature. | ||
| CVE-2020-25561 | Hig | 0.51 | 7.8 | 0.00 | Aug 11, 2021 | SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This credential is saved in ServerConf.config file in the client. | ||
| CVE-2017-16632 | Hig | 0.49 | 7.5 | 0.01 | Aug 11, 2021 | In SapphireIMS 4097_1, the password in the database is stored in Base64 format. | ||
| CVE-2017-16630 | Hig | 0.57 | 8.8 | 0.01 | Aug 11, 2021 | In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function. | ||
| CVE-2017-16629 | Hig | 0.49 | 7.5 | 0.01 | Aug 11, 2021 | In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact… | ||
| CVE-2021-32439 | Hig | 0.00 | 7.8 | 0.01 | Aug 11, 2021 | Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. | ||
| CVE-2021-38085 | Hig | 0.54 | 7.8 | 0.01 | Aug 11, 2021 | The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer process, a local attacker can overwrite CNMurGE.dll and, if timed properly, the overwritten DLL will be loaded into a SYSTEM process resulting in escalation of… | ||
| CVE-2021-37694 | Hig | 0.57 | 8.7 | 0.01 | Aug 11, 2021 | @asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice. In versions prior to 0.7.0 arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no… | ||
| CVE-2020-21976 | Hig | 0.57 | 8.8 | 0.02 | Aug 11, 2021 | An arbitrary file upload in the component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands. | ||
| CVE-2021-3050 | Hig | 0.57 | 8.8 | 0.02 | Aug 11, 2021 | An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 9.0 version 9.0.10 through PAN-OS 9.0.14; PAN-OS 9.1 version 9.1.4… | ||
| CVE-2021-20427 | Hig | 0.49 | 7.5 | 0.01 | Aug 11, 2021 | IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196314. | ||
| CVE-2021-32947 | Hig | 0.51 | 7.8 | 0.02 | Aug 11, 2021 | FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | ||
| CVE-2021-32939 | Hig | 0.51 | 7.8 | 0.02 | Aug 11, 2021 | FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a project file that may permit arbitrary code execution. | ||
| CVE-2021-32931 | Hig | 0.51 | 7.8 | 0.02 | Aug 11, 2021 | An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and prior may be exploited while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. | ||
| CVE-2021-23420 | Hig | 0.43 | 7.7 | 0.03 | Aug 11, 2021 | This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation. | ||
| CVE-2021-0196 | Hig | 0.51 | 7.8 | 0.00 | Aug 11, 2021 | Improper access control in kernel mode driver for some Intel(R) NUC 9 Extreme Laptop Kits before version 2.2.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. |
- risk 0.49cvss 7.6epss 0.01
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could…
- risk 0.49cvss 7.5epss 0.03
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.
- risk 0.42cvss 7.5epss 0.01
WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user…
- risk 0.49cvss 7.5epss 0.03
FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.
- risk 0.51cvss 7.8epss 0.00
A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST.
- risk 0.51cvss 7.8epss 0.00
The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service crash. An authenticated attacker could use this weakness to cause the FOS HTTP…
- risk 0.51cvss 7.8epss 0.00
The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution…
- risk 0.49cvss 7.5epss 0.01
A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information.
- risk 0.51cvss 7.8epss 0.00
Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking.
- risk 0.51cvss 7.8epss 0.00
Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking.
- risk 0.51cvss 7.8epss 0.01
Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads…
- risk 0.57cvss 8.8epss 0.02
Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITY\SYSTEM.
- risk 0.00cvss 7.5epss 0.03
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
- risk 0.49cvss 7.5epss 0.01
Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from EvaluateExpression and m3_LoadModule).
- risk 0.53cvss 8.1epss 0.01
In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588).
- risk 0.53cvss 8.1epss 0.00
In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587).
- risk 0.49cvss 7.5epss 0.01
In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586).
- risk 0.47cvss 7.2epss 0.01
The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585).
- risk 0.47cvss 7.2epss 0.01
The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).
- risk 0.00cvss 7.1epss 0.01
tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific membership event message. Issue is patched in commit…
- risk 0.00cvss 7.1epss 0.01
tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific MassDM message. Issue is patched in commit 92325be650a6c17940cc52611797533ed95dbbe1.…
- risk 0.52cvss 8.0epss 0.01
Contao is an open source CMS that allows creation of websites and scalable web applications. In affected versions it is possible to gain privileged rights in the Contao back end. Installations are only affected if they have untrusted back end users who have access to the form…
- risk 0.47cvss 7.2epss 0.01
Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the…
- risk 0.00cvss 7.8epss 0.01
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021…
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows DLL hijacking, aka CNVD-C-2021-68000 and CNVD-C-2021-68502.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption via recursive function calls during the handling of XFA forms or link objects.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Reader before 11.0.1 on macOS. It mishandles missing dictionary entries, leading to a NULL pointer dereference, aka CNVD-C-2021-95204.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows stack consumption during recursive processing of embedded XML nodes.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows writing to arbitrary files via submitForm.
- risk 0.46cvss 7.1epss 0.00
NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerability in camera firmware where a user can change input data after validation, which may lead to complete denial of service and serious data corruption of all kernel components.
- risk 0.47cvss 7.2epss 0.00
NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across several streams.
- risk 0.47cvss 7.3epss 0.00
NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system.
- risk 0.51cvss 7.8epss 0.00
NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components.
- risk 0.51cvss 7.8epss 0.00
NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data tampering of all processes on…
- risk 0.57cvss 8.8epss 0.01
In SapphireIMS 5.0, it is possible to create local administrator on any client with credentials of a non-privileged user by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature.
- risk 0.51cvss 7.8epss 0.00
SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This credential is saved in ServerConf.config file in the client.
- risk 0.49cvss 7.5epss 0.01
In SapphireIMS 4097_1, the password in the database is stored in Base64 format.
- risk 0.57cvss 8.8epss 0.01
In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function.
- risk 0.49cvss 7.5epss 0.01
In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact…
- risk 0.00cvss 7.8epss 0.01
Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
- risk 0.54cvss 7.8epss 0.01
The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer process, a local attacker can overwrite CNMurGE.dll and, if timed properly, the overwritten DLL will be loaded into a SYSTEM process resulting in escalation of…
- risk 0.57cvss 8.7epss 0.01
@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice. In versions prior to 0.7.0 arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no…
- risk 0.57cvss 8.8epss 0.02
An arbitrary file upload in the component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands.
- risk 0.57cvss 8.8epss 0.02
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 9.0 version 9.0.10 through PAN-OS 9.0.14; PAN-OS 9.1 version 9.1.4…
- risk 0.49cvss 7.5epss 0.01
IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196314.
- risk 0.51cvss 7.8epss 0.02
FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
- risk 0.51cvss 7.8epss 0.02
FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a project file that may permit arbitrary code execution.
- risk 0.51cvss 7.8epss 0.02
An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and prior may be exploited while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
- risk 0.43cvss 7.7epss 0.03
This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation.
- risk 0.51cvss 7.8epss 0.00
Improper access control in kernel mode driver for some Intel(R) NUC 9 Extreme Laptop Kits before version 2.2.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.