Total
10707 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26626 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2024-11-21 | 5.1 MEDIUM | 8.1 HIGH |
| Improper input validation vulnerability in XPLATFORM's execBrowser method can cause execute arbitrary commands. IF the second parameter value of the execBrowser function is ‘default’, the first parameter value could be passed to the ShellExecuteW API. The passed parameter is an arbitrary code to be executed. Remote attackers can use this vulnerability to execute arbitrary remote code. | |||||
| CVE-2021-26624 | 1 Escanav | 1 Escan Anti-virus | 2024-11-21 | 10.0 HIGH | 7.8 HIGH |
| An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root privileges by manipulating parameter values. | |||||
| CVE-2021-26618 | 2 Microsoft, Tmax | 2 Windows, Tooffice | 2024-11-21 | 7.5 HIGH | 7.1 HIGH |
| An improper input validation leading to arbitrary file creation was discovered in ToWord of ToOffice. Remote attackers use this vulnerability to execute arbitrary file included malicious code. | |||||
| CVE-2021-26617 | 2 Firstmall, Microsoft | 2 Firstmall, Windows | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
| This issues due to insufficient verification of the various input values from user’s input. The vulnerability allows remote attackers to execute malicious code in Firstmall via navercheckout_add function. | |||||
| CVE-2021-26613 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-11-21 | 5.0 MEDIUM | 8.1 HIGH |
| improper input validation vulnerability in nexacro permits copying file to the startup folder using rename method. | |||||
| CVE-2021-26612 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
| An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Remote attackers use copy method to execute arbitrary command after the file creation included malicious code. | |||||
| CVE-2021-26607 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-11-21 | 10.0 HIGH | 8.1 HIGH |
| An Improper input validation in execDefaultBrowser method of NEXACRO17 allows a remote attacker to execute arbitrary command on affected systems. | |||||
| CVE-2021-26606 | 2 Dreamsecurity, Microsoft | 2 Magicline4nx.exe, Windows | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system. | |||||
| CVE-2021-26605 | 2 Microsoft, Unidocs | 2 Windows, Ezpdfreader | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
| An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication. | |||||
| CVE-2021-26415 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2021-26373 | 1 Amd | 175 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 172 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service. | |||||
| CVE-2021-26370 | 1 Amd | 98 Epyc 7002, Epyc 7002 Firmware, Epyc 7232p and 95 more | 2024-11-21 | 6.6 MEDIUM | 7.1 HIGH |
| Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability. | |||||
| CVE-2021-26351 | 1 Amd | 98 Ryzen 3 3100, Ryzen 3 3100 Firmware, Ryzen 3 3300g and 95 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service. | |||||
| CVE-2021-26325 | 1 Amd | 40 Epyc 7232p, Epyc 7232p Firmware, Epyc 72f3 and 37 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service. | |||||
| CVE-2021-26323 | 1 Amd | 40 Epyc 7232p, Epyc 7232p Firmware, Epyc 72f3 and 37 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity. | |||||
| CVE-2021-26036 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table. | |||||
| CVE-2021-25746 | 1 Kubernetes | 1 Ingress-nginx | 2024-11-21 | 5.5 MEDIUM | 7.6 HIGH |
| A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. | |||||
| CVE-2021-25745 | 1 Kubernetes | 1 Ingress-nginx | 2024-11-21 | 5.5 MEDIUM | 7.6 HIGH |
| A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. | |||||
| CVE-2021-25683 | 1 Canonical | 1 Apport | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel. | |||||
| CVE-2021-25517 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.7 HIGH |
| An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers to perform arbitrary code execution. | |||||