Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4132 | 8 Adobe, Apple, Google and 5 more | 16 Flash Player, Flash Player Desktop Runtime, Macos and 13 more | 2021-11-19 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2016-4131 | 8 Adobe, Apple, Google and 5 more | 16 Flash Player, Flash Player Desktop Runtime, Macos and 13 more | 2021-11-19 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2016-4146 | 8 Adobe, Apple, Google and 5 more | 16 Flash Player, Flash Player Desktop Runtime, Macos and 13 more | 2021-11-19 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2021-42272 | 2 Adobe, Microsoft | 2 Animate, Windows | 2021-11-19 | 9.3 HIGH | 7.8 HIGH |
| Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF file. | |||||
| CVE-2021-42524 | 2 Adobe, Microsoft | 2 Animate, Windows | 2021-11-19 | 9.3 HIGH | 7.8 HIGH |
| Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file. | |||||
| CVE-2021-42525 | 2 Adobe, Microsoft | 2 Animate, Windows | 2021-11-19 | 4.3 MEDIUM | 3.3 LOW |
| Acrobat Animate versions 21.0.9 (and earlier)is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-24598 | 1 Wpshopmart | 1 Testimonial Builder | 2021-11-19 | 3.5 LOW | 4.8 MEDIUM |
| The Testimonial WordPress plugin before 1.6.0 does not escape some testimonial fields which could allow high privilege users to perform Cross Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2021-24772 | 1 Xwp | 1 Stream | 2021-11-19 | 6.5 MEDIUM | 8.8 HIGH |
| The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue. | |||||
| CVE-2021-24758 | 1 Email Log Project | 1 Email Log | 2021-11-19 | 6.5 MEDIUM | 8.8 HIGH |
| The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections | |||||
| CVE-2021-24776 | 1 Wp Performance Score Booster Project | 1 Wp Performance Score Booster | 2021-11-19 | 4.3 MEDIUM | 4.3 MEDIUM |
| The WP Performance Score Booster WordPress plugin before 2.1 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | |||||
| CVE-2020-12961 | 1 Amd | 90 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 87 more | 2021-11-18 | 4.6 MEDIUM | 7.8 HIGH |
| A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections. | |||||
| CVE-2021-29860 | 1 Ibm | 2 Aix, Vios | 2021-11-18 | 2.1 LOW | 6.2 MEDIUM |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information. IBM X-Force ID: 206084. | |||||
| CVE-2021-32234 | 1 Smartertools | 1 Smartermail | 2021-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution. | |||||
| CVE-2021-42271 | 1 Adobe | 1 Animate | 2021-11-18 | 9.3 HIGH | 7.8 HIGH |
| Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file. | |||||
| CVE-2021-25985 | 1 Darwin | 1 Factor | 2021-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s session even after the user logs out of the application. In addition, user sessions are stored in the browser’s local storage, which by default does not have an expiration time. This makes it possible for an attacker to steal and reuse the cookies using techniques such as XSS attacks, followed by a local account takeover. | |||||
| CVE-2021-24847 | 1 Wp-buy | 1 Seo Redirection-301 Redirect Manager | 2021-11-18 | 6.5 MEDIUM | 8.8 HIGH |
| The importFromRedirection AJAX action of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading an SQL injection when the redirection plugin is also installed | |||||
| CVE-2021-42267 | 1 Adobe | 1 Animate | 2021-11-18 | 9.3 HIGH | 7.8 HIGH |
| Adobe Animate version 21.0.9 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious FLA file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-42268 | 1 Adobe | 1 Animate | 2021-11-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Animate version 21.0.9 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted FLA file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-42269 | 1 Adobe | 1 Animate | 2021-11-18 | 9.3 HIGH | 7.8 HIGH |
| Adobe Animate version 21.0.9 (and earlier) are affected by a use-after-free vulnerability in the processing of a malformed FLA file that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-42270 | 1 Adobe | 1 Animate | 2021-11-18 | 9.3 HIGH | 7.8 HIGH |
| Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file. | |||||