Search Results (Refine Search)

Search Parameters:
There are 147,627 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2021-21012

Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: January 13, 2021; 6:15:14 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2021-21011

Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file system could leverage this vulnerability to escalate privileges.

Published: January 13, 2021; 6:15:14 PM -0500
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2021-21010

InCopy version 15.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: January 13, 2021; 6:15:14 PM -0500
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2021-21009

Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side request forgery (SSRF) vulnerability. Successful exploitation could allow an attacker to use the Campaign instance to issue unauthorized requests to internal or external resources.

Published: January 13, 2021; 6:15:14 PM -0500
V3.1: 8.6 HIGH
V2.0:(not available)
CVE-2021-21008

Adobe Animate version 21.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: January 13, 2021; 6:15:14 PM -0500
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2021-21007

Adobe Illustrator version 25.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: January 13, 2021; 6:15:13 PM -0500
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2021-21006

Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffer overflow vulnerability when handling a specially crafted font file. Successful exploitation could lead to arbitrary code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: January 13, 2021; 6:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-9209

There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file to launch privilege escalation. This can compromise normal service of affected products.

Published: January 13, 2021; 6:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-1866

There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions V500R001C30,V500R001C60SPC500,V500R005C00;S12700 versions V200R008C00;S2700 versions V200R008C00;S5700 versions V200R008C00;S6700 versions V200R008C00;S7700 versions V200R008C00;S9700 versions V200R008C00;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00;USG9500 versions V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00.

Published: January 13, 2021; 6:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-1865

There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of bounds read when the system does the certain operation.

Published: January 13, 2021; 6:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-14102

There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.

Published: January 13, 2021; 6:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-14101

The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.

Published: January 13, 2021; 6:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-14098

The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.

Published: January 13, 2021; 6:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-14097

Wrong nginx configuration, causing specific paths to be downloaded without authorization. This affects Xiaomi router AX6 ROM version < 1.0.18.

Published: January 13, 2021; 6:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2013-1053

In crypt.c of remote-login-service, the cryptographic algorithm used to cache usernames and passwords is insecure. An attacker could use this vulnerability to recover usernames and passwords from the file. This issue affects version 1.0.0-0ubuntu3 and prior versions.

Published: January 13, 2021; 6:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-1360

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Published: January 13, 2021; 5:15:21 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-1311

A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Webex Meetings Server site. A successful exploit would require the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. A successful exploit could allow the attacker to acquire or take over the host role for a meeting.

Published: January 13, 2021; 5:15:21 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-1310

A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page, bypassing the warning mechanism that should prompt the user before the redirection. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website, bypassing the Webex URL check that should result in a warning before the redirection to the web page. Attackers may use this type of vulnerability, known as an open redirect attack, as part of a phishing attack to convince users to unknowingly visit malicious sites.

Published: January 13, 2021; 5:15:21 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-1307

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Published: January 13, 2021; 5:15:21 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-1267

A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by crafting an XML-based widget on an affected server. A successful exploit could cause increased memory and CPU utilization, which could result in a DoS condition.

Published: January 13, 2021; 5:15:21 PM -0500
V3.x:(not available)
V2.0:(not available)