Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11019 | 1 Ddrt | 2 Dashcom Live, Dashcom Live Firmware | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| Lack of authentication in case-exporting components in DDRT Dashcom Live through 2019-05-08 allows anyone to remotely access all claim details by visiting easily guessable exportpdf/all_claim_detail.php?claim_id= URLs. | |||||
| CVE-2019-1724 | 1 Cisco | 4 Rv320 Dual Gigabit Wan Vpn Router, Rv320 Dual Gigabit Wan Vpn Router Software, Rv325 Dual Wan Gigabit Vpn Router and 1 more | 2021-09-13 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the session management functionality of the web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. An attacker could use this impersonated session to create a new user account or otherwise control the device with the privileges of the hijacked session. The vulnerability is due to a lack of proper session management controls. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted device. A successful exploit could allow the attacker to take control of an existing user session on the device. Exploitation of the vulnerability requires that an authorized user session is active and that the attacker can craft an HTTP request to impersonate that session. | |||||
| CVE-2018-8090 | 1 Quickheal | 3 Antivirus Pro, Internet Security, Total Security | 2021-09-13 | 6.8 MEDIUM | 7.8 HIGH |
| Quick Heal Total Security 64 bit 17.00 (QHTS64.exe), (QHTSFT64.exe) - Version 10.0.1.38; Quick Heal Total Security 32 bit 17.00 (QHTS32.exe), (QHTSFT32.exe) - Version 10.0.1.38; Quick Heal Internet Security 64 bit 17.00 (QHIS64.exe), (QHISFT64.exe) - Version 10.0.0.37; Quick Heal Internet Security 32 bit 17.00 (QHIS32.exe), (QHISFT32.exe) - Version 10.0.0.37; Quick Heal AntiVirus Pro 64 bit 17.00 (QHAV64.exe), (QHAVFT64.exe) - Version 10.0.0.37; and Quick Heal AntiVirus Pro 32 bit 17.00 (QHAV32.exe), (QHAVFT32.exe) - Version 10.0.0.37 allow DLL Hijacking because of Insecure Library Loading. | |||||
| CVE-2018-6218 | 1 Trendmicro | 5 Deep Security, Endpoint Sensor, Officescan and 2 more | 2021-09-13 | 5.1 MEDIUM | 7.0 HIGH |
| A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. | |||||
| CVE-2014-5070 | 1 Microsemi | 2 S350i, S350i Firmware | 2021-09-13 | 6.5 MEDIUM | 8.8 HIGH |
| Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page. | |||||
| CVE-2014-5068 | 1 Microsemi | 2 S350i, S350i Firmware | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot forward slash) before a file name. | |||||
| CVE-2016-6914 | 2 Microsoft, Ui | 2 Windows, Unifi Video | 2021-09-13 | 7.2 HIGH | 7.8 HIGH |
| Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. | |||||
| CVE-2017-8012 | 1 Dell | 4 Emc M\&r, Emc Storage Monitoring And Reporting, Emc Vipr Srm and 1 more | 2021-09-13 | 5.8 MEDIUM | 7.4 HIGH |
| In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities. | |||||
| CVE-2017-8007 | 1 Dell | 4 Emc M\&r, Emc Storage Monitoring And Reporting, Emc Vipr Srm and 1 more | 2021-09-13 | 6.5 MEDIUM | 8.8 HIGH |
| In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call. | |||||
| CVE-2017-8776 | 1 Quickheal | 3 Antivirus Pro, Internet Security, Total Security | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed attacks against the product. | |||||
| CVE-2017-7408 | 1 Paloaltonetworks | 1 Traps | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license. | |||||
| CVE-2017-5169 | 1 Hanwha-security | 1 Smart Security Manager | 2021-09-13 | 5.1 MEDIUM | 7.5 HIGH |
| An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session. Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. | |||||
| CVE-2017-5168 | 1 Hanwha-security | 1 Smart Security Manager | 2021-09-13 | 5.1 MEDIUM | 7.5 HIGH |
| An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. | |||||
| CVE-2016-6270 | 1 Trendmicro | 1 Virtual Mobile Infrastructure | 2021-09-13 | 9.0 HIGH | 8.8 HIGH |
| The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/. | |||||
| CVE-2017-5329 | 1 Paloaltonetworks | 1 Terminal Services Agent | 2021-09-13 | 4.6 MEDIUM | 7.8 HIGH |
| Palo Alto Networks Terminal Services Agent before 7.0.7 allows local users to gain privileges via vectors that trigger an out-of-bounds write operation. | |||||
| CVE-2017-5328 | 1 Paloaltonetworks | 1 Terminal Services Agent | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| Palo Alto Networks Terminal Services Agent before 7.0.7 allows attackers to spoof arbitrary users via unspecified vectors. | |||||
| CVE-2018-17555 | 1 Commscope | 2 Arris Tg2492lg-na, Arris Tg2492lg-na Firmware | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter. | |||||
| CVE-2018-12922 | 1 Vertiv | 2 Liebert Intellislot, Liebert Intellislot Firmware | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI. | |||||
| CVE-2018-10990 | 1 Commscope | 2 Arris Tg1682g, Arris Tg1682g Firmware | 2021-09-13 | 7.5 HIGH | 8.0 HIGH |
| On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time (e.g., "at least for a few minutes"). NOTE: there is no documentation stating that the web UI's logout feature was supposed to do anything beyond removing the cookie from one instance of a web browser; a client-side logout action is often not intended to address cases where a person has made a copy of a cookie outside of a browser. | |||||
| CVE-2017-9492 | 2 Cisco, Commscope | 8 Dpc3939, Dpc3939 Firmware, Dpc3939b and 5 more | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not include the HTTPOnly flag in a Set-Cookie header for administration applications, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies. | |||||
| CVE-2017-9489 | 2 Cisco, Commscope | 4 Dpc3939b, Dpc3939b Firmware, Arris Tg1682g and 1 more | 2021-09-13 | 6.8 MEDIUM | 8.8 HIGH |
| The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF. | |||||
| CVE-2017-8631 | 1 Microsoft | 9 Excel, Excel 2007, Excel 2010 and 6 more | 2021-09-13 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744. | |||||
| CVE-2017-8803 | 2 Mh-nexus, Notepad-plus-plus | 2 Hex Editor, Notepad\+\+ | 2021-09-13 | 6.8 MEDIUM | 7.8 HIGH |
| Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might allow user-assisted attackers to execute code via a crafted file, because of a "Data from Faulting Address controls Code Flow" issue. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands. | |||||
| CVE-2016-4514 | 1 Moxa | 2 Pt-7728, Pt-7728 Firmware | 2021-09-13 | 4.6 MEDIUM | 7.7 HIGH |
| Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy. | |||||
| CVE-2016-10273 | 1 Jensenofscandinavia | 1 Air\ | 2021-09-13 | 9.0 HIGH | 8.8 HIGH |
| Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary code or crash the web service via the (1) ateFunc, (2) ateGain, (3) ateTxCount, (4) ateChan, (5) ateRate, (6) ateMacID, (7) e2pTxPower1, (8) e2pTxPower2, (9) e2pTxPower3, (10) e2pTxPower4, (11) e2pTxPower5, (12) e2pTxPower6, (13) e2pTxPower7, (14) e2pTx2Power1, (15) e2pTx2Power2, (16) e2pTx2Power3, (17) e2pTx2Power4, (18) e2pTx2Power5, (19) e2pTx2Power6, (20) e2pTx2Power7, (21) ateTxFreqOffset, (22) ateMode, (23) ateBW, (24) ateAntenna, (25) e2pTxFreqOffset, (26) e2pTxPwDeltaB, (27) e2pTxPwDeltaG, (28) e2pTxPwDeltaMix, (29) e2pTxPwDeltaN, and (30) readE2P parameters of the /goform/formWlanMP endpoint. | |||||
| CVE-2016-8368 | 1 Mitsubishielectric | 6 Qj71e71-100, Qj71e71-100 Firmware, Qj71e71-b2 and 3 more | 2021-09-13 | 5.0 MEDIUM | 8.6 HIGH |
| An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock. | |||||
| CVE-2016-8370 | 1 Mitsubishielectric | 6 Qj71e71-100, Qj71e71-100 Firmware, Qj71e71-b2 and 3 more | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC. | |||||
| CVE-2018-11654 | 1 Seasofsolutions | 2 Ip Camera, Ip Camera Firmware | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information from the device. | |||||
| CVE-2018-6479 | 1 Seasofsolutions | 2 Ip Camera, Ip Camera Firmware | 2021-09-13 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Netwave IP Camera devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to the / URI. | |||||
| CVE-2019-3495 | 1 Indionetworks | 2 Unibox, Unibox Firmware | 2021-09-13 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. | |||||
| CVE-2019-3496 | 1 Indionetworks | 2 Unibox, Unibox Firmware | 2021-09-13 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller/diagnostic_tools_controller Diagnostic Tools Controller is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. | |||||
| CVE-2019-3497 | 1 Indionetworks | 2 Unibox, Unibox Firmware | 2021-09-13 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping Ping feature of the Diagnostic Tools component is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. | |||||
| CVE-2015-6028 | 1 Castlerock | 1 Snmpc | 2021-09-13 | 6.5 MEDIUM | 8.8 HIGH |
| Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter. | |||||
| CVE-2019-18631 | 1 Centrify | 3 Authentication Service, Infrastructure Services, Privilege Elevation Service | 2021-09-13 | 5.1 MEDIUM | 7.8 HIGH |
| The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11), and 3.6.0 (19.6) does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows attackers to execute arbitrary code inside the Centrify process via (1) a crafted application that makes a pipe connection to the process and sends malicious serialized data or (2) a crafted Microsoft Management Console snap-in control file. | |||||
| CVE-2016-3675 | 1 Huawei | 2 Policy Center, Policy Center Firmware | 2021-09-13 | 6.5 MEDIUM | 8.1 HIGH |
| SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system databases. | |||||
| CVE-2016-9587 | 2 Ansible, Redhat | 3 Ansible, Ansible, Openstack | 2021-09-13 | 9.3 HIGH | 8.1 HIGH |
| Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. | |||||
| CVE-2021-28845 | 1 Trendnet | 8 Tew-755ap, Tew-755ap2kac, Tew-755ap2kac Firmware and 5 more | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending the POST request to apply_cgi via the lang action without a language key. | |||||
| CVE-2021-20027 | 1 Sonicwall | 59 Nsa 2650, Nsa 2700, Nsa 3650 and 56 more | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls. | |||||
| CVE-2021-24006 | 1 Fortinet | 1 Fortimanager | 2021-09-10 | 6.5 MEDIUM | 8.8 HIGH |
| An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL. | |||||
| CVE-2021-38706 | 1 Cliniccases | 1 Cliniccases | 2021-09-10 | 6.5 MEDIUM | 8.8 HIGH |
| messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter. | |||||
| CVE-2020-7819 | 2 Microsoft, Ntracker | 2 Windows, Ntracker Usb Enterprise | 2021-09-10 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL-Injection vulnerability in the nTracker USB Enterprise(secure USB management solution) allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. | |||||
| CVE-2021-40523 | 1 Contiki-os | 1 Contiki | 2021-09-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Contiki 3.0, Telnet option negotiation is mishandled. During negotiation between a server and a client, the server may fail to give the WILL/WONT or DO/DONT response for DO and WILL commands because of improper handling of exception condition, which leads to property violations and denial of service. Specifically, a server sometimes sends no response, because a fixed buffer space is available for all responses and that space may have been exhausted. | |||||
| CVE-2021-39187 | 1 Parseplatform | 1 Parse-server | 2021-09-10 | 5.0 MEDIUM | 7.5 HIGH |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes when if a query request contains an invalid value for the `explain` option. This is due to a bug in the MongoDB Node.js driver which throws an exception that Parse Server cannot catch. There is a patch for this issue in version 4.10.3. No workarounds aside from upgrading are known to exist. | |||||
| CVE-2021-39181 | 1 Frentix | 1 Openolat | 2021-09-10 | 6.5 MEDIUM | 8.8 HIGH |
| OpenOlat is a web-based learning management system (LMS). Prior to version 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file (e.g. a course) any class on the Java classpath can be instantiated, including spring AOP bean factories. This can be used to execute code arbitrary code by the attacker. The attack requires an OpenOlat user account with the authoring role. It can not be exploited by unregistered users. The problem is fixed in versions 15.3.18, 15.5.3, and 16.0.0. There are no known workarounds aside from upgrading. | |||||
| CVE-2021-38705 | 1 Cliniccases | 1 Cliniccases | 2021-09-10 | 6.8 MEDIUM | 8.8 HIGH |
| ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A successful attack would consist of an authenticated user following a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. This can be exploited to create a secondary administrator account for the attacker. | |||||
| CVE-2021-39192 | 1 Ghost | 1 Ghost | 2021-09-10 | 6.5 MEDIUM | 7.2 HIGH |
| Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and 4.9.4 allows all authenticated users (including contributors) to view admin-level API keys via the integrations API endpoint, leading to a privilege escalation vulnerability. This issue is patched in Ghost version 4.10.0. As a workaround, disable all non-Administrator accounts to prevent API access. It is highly recommended to regenerate all API keys after patching or applying the workaround. | |||||
| CVE-2021-22775 | 1 Schneider-electric | 1 Gp-pro Ex | 2021-09-10 | 4.4 MEDIUM | 7.8 HIGH |
| A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP-Pro EX,V4.09.250 and prior, that could cause local code execution with elevated privileges when installing the software. | |||||
| CVE-2019-6140 | 1 Forcepoint | 1 Email Security | 2021-09-10 | 7.5 HIGH | 8.8 HIGH |
| A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed. | |||||
| CVE-2021-21086 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-10 | 6.8 MEDIUM | 7.8 HIGH |
| Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-40378 | 1 Comprotech | 8 Ip570, Ip570 Firmware, Ip60 and 5 more | 2021-09-10 | 8.5 HIGH | 8.1 HIGH |
| An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killps.cgi deletes all data from the device. | |||||