Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34840 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14021. | |||||
| CVE-2021-34839 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14020. | |||||
| CVE-2021-34838 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14019. | |||||
| CVE-2021-34837 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14018. | |||||
| CVE-2021-34836 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14017. | |||||
| CVE-2021-34835 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14015. | |||||
| CVE-2021-34834 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14014. | |||||
| CVE-2021-34833 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14023. | |||||
| CVE-2021-34832 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the delay property. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13928. | |||||
| CVE-2021-34831 | 3 Foxit, Foxitsoftware, Microsoft | 3 Pdf Reader, Pdf Editor, Windows | 2022-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.4.37651. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Document objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13741. | |||||
| CVE-2021-44977 | 1 Idreamsoft | 1 Icms | 2022-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files. | |||||
| CVE-2021-43635 | 1 Codex Project | 1 Codex | 2022-02-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file. | |||||
| CVE-2021-29397 | 1 Globalnorthstar | 1 Northstar Club Management | 2022-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote local user to intercept users credentials transmitted in cleartext over HTTP. | |||||
| CVE-2021-45990 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function uploadPicture. This vulnerability allows attackers to execute arbitrary commands via the pic_name parameter. | |||||
| CVE-2021-45997 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters. | |||||
| CVE-2021-45992 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetQvlanList. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qvlanName parameter. | |||||
| CVE-2021-45993 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindModify. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRuleIP and IPMacBindRuleMac parameters. | |||||
| CVE-2021-45996 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters. | |||||
| CVE-2021-45995 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetStaticRoute. This vulnerability allows attackers to cause a Denial of Service (DoS) via the staticRouteNet, staticRouteMask, and staticRouteGateway parameters. | |||||
| CVE-2022-24166 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the manualTime parameter. | |||||