Vulnerabilities (CVE)

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3058 1 Paloaltonetworks 1 Pan-os 2021-11-15 9.0 HIGH 7.2 HIGH
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use the XML API to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. This issue does not impact Prisma Access firewalls.
CVE-2021-3056 1 Paloaltonetworks 1 Pan-os 2021-11-15 8.5 HIGH 8.8 HIGH
A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. Prisma Access customers with Prisma Access 2.1 Preferred firewalls are impacted by this issue.
CVE-2020-23890 1 Wildbit-soft 1 Wildbit Viewer 2021-11-12 4.3 MEDIUM 5.5 MEDIUM
A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted JPG file. Related to Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at JPGCodec+0x753648.
CVE-2020-23898 1 Wildbit-soft 1 Wildbit Viewer 2021-11-12 4.3 MEDIUM 5.5 MEDIUM
A User Mode Write AV in Editor+0x5ea2 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.
CVE-2020-23897 1 Wildbit-soft 1 Wildbit Viewer 2021-11-12 4.3 MEDIUM 5.5 MEDIUM
A User Mode Write AV in Editor!TMethodImplementationIntercept+0x54dcec of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.
CVE-2020-23896 1 Wildbit-soft 1 Wildbit Viewer 2021-11-12 4.3 MEDIUM 5.5 MEDIUM
A User Mode Write AV in Editor+0x576b of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.
CVE-2020-23895 1 Wildbit-soft 1 Wildbit Viewer 2021-11-12 4.3 MEDIUM 5.5 MEDIUM
A User Mode Write AV in Editor+0x76af of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.
CVE-2020-23893 1 Wildbit-soft 1 Wildbit Viewer 2021-11-12 4.3 MEDIUM 5.5 MEDIUM
A User Mode Write AV in Editor!TMethodImplementationIntercept+0x3c3682 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.
CVE-2020-23891 1 Wildbit-soft 1 Wildbit Viewer 2021-11-12 4.3 MEDIUM 5.5 MEDIUM
A User Mode Write AV in Editor+0x5cd7 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.
CVE-2020-23899 1 Wildbit-soft 1 Wildbit Viewer 2021-11-12 4.3 MEDIUM 5.5 MEDIUM
A User Mode Write AV in Editor+0x5f91 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.
CVE-2020-23894 1 Wildbit-soft 1 Wildbit Viewer 2021-11-12 4.3 MEDIUM 5.5 MEDIUM
A User Mode Write AV in ntdll!RtlpCoalesceFreeBlocks+0x268 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.
CVE-2020-23901 1 Wildbit-soft 1 Wildbit Viewer 2021-11-12 4.3 MEDIUM 5.5 MEDIUM
A User Mode Write AV in Editor+0x5d15 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.
CVE-2020-23900 1 Wildbit-soft 1 Wildbit Viewer 2021-11-12 4.3 MEDIUM 5.5 MEDIUM
A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address controls Code Flow starting at Editor!TMethodImplementationIntercept+0x57a3b.
CVE-2021-31853 1 Mcafee 1 Drive Encryption 2021-11-12 4.6 MEDIUM 7.8 HIGH
DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.
CVE-2021-42296 1 Microsoft 2 365 Apps, Office 2021-11-12 6.9 MEDIUM 7.8 HIGH
Microsoft Word Remote Code Execution Vulnerability
CVE-2021-40261 1 Casap Automated Enrollment System Project 1 Casap Automated Enrollment System 2021-11-12 4.3 MEDIUM 6.1 MEDIUM
Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the (1) user_username and (2) category parameters in save_class.php, the (3) firstname, (4) class, and (5) status parameters in student_table.php, the (6) category and (7) class_name parameters in add_class1.php, the (8) fname, (9) mname, (10) lname, (11) address, (12) class, (13) gfname, (14) gmname, (15) glname, (16) rship, (17) status, (18) transport, and (19) route parameters in add_student.php, the (20) fname, (21) mname, (22) lname, (23) address, (24) class, (25) fgname, (26) gmname, (27) glname, (28) rship, (29) status, (30) transport, and (31) route parameters in save_stud.php, the (32) status, (33) fname, and (34) lname parameters in add_user.php, the (35) username, (36) firstname, and (37) status parameters in users.php, the (38) fname, (39) lname, and (40) status parameters in save_user.php, and the (41) activity_log, (42) aprjun, (43) class, (44) janmar, (45) Julsep, (46) octdec, (47) Students and (48) users parameters in table_name.
CVE-2021-40260 1 Tailor Management System Project 1 Tailor Management System 2021-11-12 4.3 MEDIUM 6.1 MEDIUM
Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester Tailor Management 1.0 via the (1) eid parameter in (a) partedit.php and (b) customeredit.php, the (2) id parameter in (a) editmeasurement.php and (b) addpayment.php, and the (3) error parameter in index.php.
CVE-2020-23572 1 Beescms 1 Beescms 2021-11-12 6.8 MEDIUM 8.8 HIGH
BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file.
CVE-2021-39420 1 Vfront 1 Vfront 2021-11-12 4.3 MEDIUM 6.1 MEDIUM
Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0.99.5 via the (1) s parameter in search_all.php and the (2) msg parameter in add.attach.php.
CVE-2021-24844 1 Wpaffiliatemanager 1 Affiliates Manager 2021-11-12 6.5 MEDIUM 7.2 HIGH
The Affiliates Manager WordPress plugin before 2.8.7 does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL Injection issue.