Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution
// weekly digest
// weekly digest
// weekly digest
2022-01-10 00:00 UTC 2022-01-16 23:59 UTC
// total
0
// critical
0
// high
0
// medium
0
// low
0
// new kev
15
// top critical
No CRITICAL CVEs published this week.
// top high
No HIGH CVEs published this week.
// new kev additions
Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization.
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation.
Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page.
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.
Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).
Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in the mailboxd component.
An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.
Kibana contain an arbitrary code execution flaw in the Timelion visualizer.
A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files.