| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-21976 | Hig | 0.47 | 7.2 | 0.02 | Feb 11, 2021 | vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution. | ||
| CVE-2021-21311 | — | Hig | 0.12 | 7.2 | 0.90 | KEV | Feb 11, 2021 | Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version… |
| CVE-2021-21063 | Hig | 0.51 | 7.8 | 0.03 | Feb 11, 2021 | Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this… | ||
| CVE-2021-21062 | Hig | 0.51 | 7.8 | 0.03 | Feb 11, 2021 | Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this… | ||
| CVE-2021-21059 | Hig | 0.51 | 7.8 | 0.03 | Feb 11, 2021 | Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this… | ||
| CVE-2021-21058 | Hig | 0.51 | 7.8 | 0.03 | Feb 11, 2021 | Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this… | ||
| CVE-2021-21054 | Hig | 0.51 | 7.8 | 0.04 | Feb 11, 2021 | Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of… | ||
| CVE-2021-21053 | Hig | 0.51 | 7.8 | 0.02 | Feb 11, 2021 | Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of… | ||
| CVE-2021-21052 | Hig | 0.51 | 7.8 | 0.04 | Feb 11, 2021 | Adobe Animate version 21.0.2 (and earlier) is affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user… | ||
| CVE-2021-21051 | Hig | 0.51 | 7.8 | 0.07 | Feb 11, 2021 | Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted javascript file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the… | ||
| CVE-2021-21050 | Hig | 0.51 | 7.8 | 0.03 | Feb 11, 2021 | Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of… | ||
| CVE-2021-21049 | Hig | 0.51 | 7.8 | 0.03 | Feb 11, 2021 | Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of… | ||
| CVE-2021-21048 | Hig | 0.51 | 7.8 | 0.03 | Feb 11, 2021 | Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the… | ||
| CVE-2021-21047 | Hig | 0.51 | 7.8 | 0.03 | Feb 11, 2021 | Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this… | ||
| CVE-2019-19005 | Hig | 0.44 | 7.8 | 0.01 | Feb 11, 2021 | A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182. | ||
| CVE-2021-21045 | Hig | 0.53 | 8.2 | 0.02 | Feb 11, 2021 | Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated attacker could leverage this vulnerability to elevate privileges in the… | ||
| CVE-2021-21044 | Hig | 0.51 | 7.8 | 0.04 | Feb 11, 2021 | Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to… | ||
| CVE-2021-21041 | Hig | 0.51 | 7.8 | 0.03 | Feb 11, 2021 | Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in… | ||
| CVE-2021-21040 | Hig | 0.51 | 7.8 | 0.03 | Feb 11, 2021 | Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in… | ||
| CVE-2021-21039 | Hig | 0.51 | 7.8 | 0.03 | Feb 11, 2021 | Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in… | ||
| CVE-2021-21038 | Hig | 0.51 | 7.8 | 0.03 | Feb 11, 2021 | Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to… | ||
| CVE-2021-21037 | Hig | 0.51 | 7.8 | 0.03 | Feb 11, 2021 | Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Path Traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in… | ||
| CVE-2021-21036 | Hig | 0.51 | 7.8 | 0.03 | Feb 11, 2021 | Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Integer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in… | ||
| CVE-2021-21035 | Hig | 0.58 | 8.8 | 0.04 | Feb 11, 2021 | Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in… | ||
| CVE-2021-21033 | Hig | 0.58 | 8.8 | 0.04 | Feb 11, 2021 | Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in… | ||
| CVE-2021-21030 | Hig | 0.53 | 8.1 | 0.06 | Feb 11, 2021 | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser.… | ||
| CVE-2021-21028 | Hig | 0.51 | 8.8 | 0.04 | Feb 11, 2021 | Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in… | ||
| CVE-2021-21021 | Hig | 0.58 | 8.8 | 0.04 | Feb 11, 2021 | Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in… | ||
| CVE-2021-21017 | Hig | 0.76 | 8.8 | 0.86 | KEV | Feb 11, 2021 | Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code… | |
| CVE-2021-21015 | Hig | 0.45 | 8.0 | 0.03 | Feb 11, 2021 | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the… | ||
| CVE-2021-21307 | Hig | 0.10 | 8.6 | 0.89 | Feb 11, 2021 | Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or… | ||
| CVE-2021-27191 | — | Hig | 0.42 | 7.5 | 0.02 | Feb 11, 2021 | The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service (DoS) if the range is untrusted input. An attacker could send a large range (such as 128.0.0.0/1) that causes resource exhaustion. | |
| CVE-2021-27184 | Hig | 0.49 | 7.5 | 0.02 | Feb 11, 2021 | Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered… | ||
| CVE-2021-25690 | Hig | 0.49 | 7.5 | 0.01 | Feb 11, 2021 | A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software. | ||
| CVE-2021-22880 | — | Hig | 0.49 | 7.5 | 0.04 | Feb 11, 2021 | The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too… | |
| CVE-2021-22656 | Hig | 0.49 | 7.5 | 0.03 | Feb 11, 2021 | Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. | ||
| CVE-2021-22654 | Hig | 0.50 | 7.5 | 0.12 | Feb 11, 2021 | Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information. | ||
| CVE-2021-20188 | — | Hig | 0.39 | 7.0 | 0.00 | Feb 11, 2021 | A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root… | |
| CVE-2020-35498 | Hig | 0.49 | 7.5 | 0.08 | Feb 11, 2021 | A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The… | ||
| CVE-2020-25493 | Hig | 0.49 | 7.5 | 0.01 | Feb 11, 2021 | Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic. | ||
| CVE-2021-20405 | Hig | 0.49 | 7.5 | 0.01 | Feb 11, 2021 | IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183. | ||
| CVE-2021-20403 | Hig | 0.57 | 8.8 | 0.00 | Feb 11, 2021 | IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||
| CVE-2020-8027 | Hig | 0.47 | 7.3 | 0.00 | Feb 11, 2021 | A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This… | ||
| CVE-2021-23335 | — | Hig | 0.49 | 7.5 | 0.01 | Feb 11, 2021 | All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure. | |
| CVE-2020-27874 | Hig | 0.57 | 8.8 | 0.02 | Feb 10, 2021 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists… | ||
| CVE-2020-27871 | Hig | 0.54 | 7.2 | 0.90 | Feb 10, 2021 | This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw… | ||
| CVE-2021-27186 | Hig | 0.00 | 7.5 | 0.02 | Feb 10, 2021 | Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c. | ||
| CVE-2021-25251 | Hig | 0.47 | 7.2 | 0.02 | Feb 10, 2021 | The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the… | ||
| CVE-2020-28596 | Hig | 0.51 | 7.8 | 0.01 | Feb 10, 2021 | A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this… | ||
| CVE-2020-28595 | Hig | 0.51 | 7.8 | 0.01 | Feb 10, 2021 | An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. |
- risk 0.47cvss 7.2epss 0.02
vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution.
- risk 0.12cvss 7.2epss 0.90
Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version…
- risk 0.51cvss 7.8epss 0.03
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this…
- risk 0.51cvss 7.8epss 0.03
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this…
- risk 0.51cvss 7.8epss 0.03
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this…
- risk 0.51cvss 7.8epss 0.03
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this…
- risk 0.51cvss 7.8epss 0.04
Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of…
- risk 0.51cvss 7.8epss 0.02
Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of…
- risk 0.51cvss 7.8epss 0.04
Adobe Animate version 21.0.2 (and earlier) is affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user…
- risk 0.51cvss 7.8epss 0.07
Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted javascript file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the…
- risk 0.51cvss 7.8epss 0.03
Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of…
- risk 0.51cvss 7.8epss 0.03
Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of…
- risk 0.51cvss 7.8epss 0.03
Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the…
- risk 0.51cvss 7.8epss 0.03
Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this…
- risk 0.44cvss 7.8epss 0.01
A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182.
- risk 0.53cvss 8.2epss 0.02
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated attacker could leverage this vulnerability to elevate privileges in the…
- risk 0.51cvss 7.8epss 0.04
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to…
- risk 0.51cvss 7.8epss 0.03
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…
- risk 0.51cvss 7.8epss 0.03
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…
- risk 0.51cvss 7.8epss 0.03
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…
- risk 0.51cvss 7.8epss 0.03
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to…
- risk 0.51cvss 7.8epss 0.03
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Path Traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…
- risk 0.51cvss 7.8epss 0.03
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Integer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…
- risk 0.58cvss 8.8epss 0.04
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…
- risk 0.58cvss 8.8epss 0.04
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…
- risk 0.53cvss 8.1epss 0.06
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser.…
- risk 0.51cvss 8.8epss 0.04
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…
- risk 0.58cvss 8.8epss 0.04
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in…
- risk 0.76cvss 8.8epss 0.86
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code…
- risk 0.45cvss 8.0epss 0.03
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the…
- risk 0.10cvss 8.6epss 0.89
Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or…
- risk 0.42cvss 7.5epss 0.02
The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service (DoS) if the range is untrusted input. An attacker could send a large range (such as 128.0.0.0/1) that causes resource exhaustion.
- risk 0.49cvss 7.5epss 0.02
Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered…
- risk 0.49cvss 7.5epss 0.01
A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software.
- risk 0.49cvss 7.5epss 0.04
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too…
- risk 0.49cvss 7.5epss 0.03
Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.
- risk 0.50cvss 7.5epss 0.12
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.
- risk 0.39cvss 7.0epss 0.00
A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root…
- risk 0.49cvss 7.5epss 0.08
A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The…
- risk 0.49cvss 7.5epss 0.01
Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic.
- risk 0.49cvss 7.5epss 0.01
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183.
- risk 0.57cvss 8.8epss 0.00
IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
- risk 0.47cvss 7.3epss 0.00
A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This…
- risk 0.49cvss 7.5epss 0.01
All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure.
- risk 0.57cvss 8.8epss 0.02
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists…
- risk 0.54cvss 7.2epss 0.90
This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw…
- risk 0.00cvss 7.5epss 0.02
Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c.
- risk 0.47cvss 7.2epss 0.02
The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the…
- risk 0.51cvss 7.8epss 0.01
A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this…
- risk 0.51cvss 7.8epss 0.01
An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.