Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.
// weekly digest
// weekly digest
// weekly digest
2021-11-01 00:00 UTC 2021-11-07 23:59 UTC
// total
0
// critical
0
// high
0
// medium
0
// low
0
// new kev
287
// top critical
No CRITICAL CVEs published this week.
// top high
No HIGH CVEs published this week.
// new kev additions
Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.
Accellion FTA contains an OS command injection vulnerability exploited via a local web service call.
Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to document_root.html.
Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.
Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution.
Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution.
Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution.
Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the device and possibly execute code.
Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed chained with CVE-2020-0041 and CVE-2020-0069 under exploit chain "AbstractEmu."