| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1351 |
CVE-2021-0152 |
347 |
|
DoS |
2021-11-17 |
2021-11-23 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Improper verification of cryptographic signature in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable denial of service via local access. |
|
1352 |
CVE-2021-0151 |
863 |
|
|
2021-11-17 |
2021-11-22 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper access control in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
1353 |
CVE-2021-0148 |
532 |
|
|
2021-11-17 |
2021-11-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Insertion of information into log file in firmware for some Intel(R) SSD DC may allow a privileged user to potentially enable information disclosure via local access. |
|
1354 |
CVE-2021-0146 |
|
|
|
2021-11-17 |
2022-05-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. |
|
1355 |
CVE-2021-0135 |
20 |
|
|
2021-11-17 |
2021-11-22 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper input validation in the Intel(R) Ethernet Diagnostic Driver for Windows before version 1.4.0.10 may allow a privileged user to potentially enable escalation of privilege via local access. |
|
1356 |
CVE-2021-0121 |
269 |
|
|
2021-11-17 |
2021-11-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper access control in the installer for some Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow authenticated user to potentially enable escalation of privilege via local access. |
|
1357 |
CVE-2021-0120 |
665 |
|
DoS |
2021-11-17 |
2021-11-22 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Improper initialization in the installer for some Intel(R) Graphics DCH Drivers for Windows 10 before version 27.20.100.9316 may allow an authenticated user to potentially enable denial of service via local access. |
|
1358 |
CVE-2021-0110 |
863 |
|
DoS |
2021-11-17 |
2021-11-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Improper access control in some Intel(R) Thunderbolt(TM) Windows DCH Drivers before version 1.41.1054.0 may allow unauthenticated user to potentially enable denial of service via local access. |
|
1359 |
CVE-2021-0096 |
287 |
|
|
2021-11-17 |
2021-11-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper authentication in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN before version 1.78.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
1360 |
CVE-2021-0082 |
427 |
|
|
2021-11-17 |
2021-11-23 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Uncontrolled search path in software installer for Intel(R) PROSet/Wireless WiFi in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
1361 |
CVE-2021-0079 |
20 |
|
DoS |
2021-11-17 |
2021-11-19 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
|
1362 |
CVE-2021-0078 |
20 |
|
DoS |
2021-11-17 |
2021-11-19 |
6.8 |
None |
Local Network |
Low |
Not required |
Partial |
None |
Complete |
|
Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access. |
|
1363 |
CVE-2021-0075 |
787 |
|
DoS |
2021-11-17 |
2021-11-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Out-of-bounds write in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and some Killer(TM) WiFi in Windows 10 may allow a privileged user to potentially enable denial of service via local access. |
|
1364 |
CVE-2021-0071 |
20 |
|
|
2021-11-17 |
2021-11-21 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. |
|
1365 |
CVE-2021-0069 |
20 |
|
DoS |
2021-11-17 |
2021-11-21 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and some Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
|
1366 |
CVE-2021-0065 |
276 |
|
|
2021-11-17 |
2021-11-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
1367 |
CVE-2021-0064 |
732 |
|
|
2021-11-17 |
2022-05-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
1368 |
CVE-2021-0063 |
20 |
|
DoS |
2021-11-17 |
2021-11-19 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
|
1369 |
CVE-2021-0053 |
665 |
|
|
2021-11-17 |
2021-11-19 |
2.7 |
None |
Local Network |
Low |
??? |
Partial |
None |
None |
|
Improper initialization in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an authenticated user to potentially enable information disclosure via adjacent access. |
|
1370 |
CVE-2021-0013 |
20 |
|
DoS |
2021-11-17 |
2021-11-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Improper input validation for Intel(R) EMA before version 1.5.0 may allow an unauthenticated user to potentially enable denial of service via network access. |
|
1371 |
CVE-2020-36505 |
352 |
|
CSRF |
2021-11-01 |
2021-11-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all comments from the blog. |
|
1372 |
CVE-2020-36504 |
352 |
|
CSRF |
2021-11-01 |
2021-11-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog |
|
1373 |
CVE-2020-36503 |
1236 |
|
|
2021-11-01 |
2021-11-03 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue |
|
1374 |
CVE-2020-35249 |
79 |
|
Exec Code XSS |
2021-11-02 |
2021-11-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross Site Scripting (XSS) vulnerability in ElkarBackup 1.3.3, allows attackers to execute arbitrary code via the name parameter to the add client feature. |
|
1375 |
CVE-2020-28702 |
89 |
|
Sql |
2021-11-01 |
2021-11-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive database information. |
|
1376 |
CVE-2020-28419 |
94 |
|
Exec Code |
2021-11-09 |
2021-11-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
During installation with certain driver software or application packages an arbitrary code execution could occur. |
|
1377 |
CVE-2020-28416 |
|
|
Exec Code |
2021-11-03 |
2021-11-15 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution. |
|
1378 |
CVE-2020-28137 |
352 |
|
DoS CSRF |
2021-11-10 |
2021-11-13 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Cross site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28, allows attackers to cause a denial of service by continuously restarting the router. |
|
1379 |
CVE-2020-27820 |
416 |
|
|
2021-11-03 |
2021-11-04 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver). |
|
1380 |
CVE-2020-27406 |
79 |
|
Exec Code XSS |
2021-11-02 |
2021-11-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname. |
|
1381 |
CVE-2020-25368 |
77 |
|
Exec Code |
2021-11-04 |
2021-11-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login. |
|
1382 |
CVE-2020-25367 |
77 |
|
Exec Code |
2021-11-04 |
2021-11-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login. |
|
1383 |
CVE-2020-25366 |
862 |
|
DoS |
2021-11-04 |
2021-11-06 |
8.5 |
None |
Remote |
Low |
Not required |
None |
Partial |
Complete |
|
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors. |
|
1384 |
CVE-2020-24743 |
|
|
+Priv |
2021-11-03 |
2021-11-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter. |
|
1385 |
CVE-2020-24000 |
89 |
|
Exec Code Sql |
2021-11-03 |
2021-11-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php. |
|
1386 |
CVE-2020-23906 |
345 |
|
DoS |
2021-11-10 |
2021-11-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity. |
|
1387 |
CVE-2020-23904 |
787 |
|
DoS Overflow |
2021-11-10 |
2022-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
** DISPUTED ** A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program." |
|
1388 |
CVE-2020-23903 |
369 |
|
DoS |
2021-11-10 |
2022-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. |
|
1389 |
CVE-2020-23902 |
120 |
|
DoS Overflow |
2021-11-10 |
2021-11-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address may be used as a return value starting at Editor!TMethodImplementationIntercept+0x528a3. |
|
1390 |
CVE-2020-23901 |
787 |
|
DoS |
2021-11-10 |
2021-11-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A User Mode Write AV in Editor+0x5d15 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. |
|
1391 |
CVE-2020-23900 |
120 |
|
DoS Overflow |
2021-11-10 |
2021-11-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address controls Code Flow starting at Editor!TMethodImplementationIntercept+0x57a3b. |
|
1392 |
CVE-2020-23899 |
787 |
|
DoS |
2021-11-10 |
2021-11-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A User Mode Write AV in Editor+0x5f91 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. |
|
1393 |
CVE-2020-23898 |
787 |
|
DoS |
2021-11-10 |
2021-11-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A User Mode Write AV in Editor+0x5ea2 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. |
|
1394 |
CVE-2020-23897 |
787 |
|
DoS |
2021-11-10 |
2021-11-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A User Mode Write AV in Editor!TMethodImplementationIntercept+0x54dcec of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. |
|
1395 |
CVE-2020-23896 |
787 |
|
DoS |
2021-11-10 |
2021-11-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A User Mode Write AV in Editor+0x576b of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file. |
|
1396 |
CVE-2020-23895 |
787 |
|
DoS |
2021-11-10 |
2021-11-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A User Mode Write AV in Editor+0x76af of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file. |
|
1397 |
CVE-2020-23894 |
787 |
|
DoS |
2021-11-10 |
2021-11-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A User Mode Write AV in ntdll!RtlpCoalesceFreeBlocks+0x268 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file. |
|
1398 |
CVE-2020-23893 |
787 |
|
DoS |
2021-11-10 |
2021-11-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A User Mode Write AV in Editor!TMethodImplementationIntercept+0x3c3682 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file. |
|
1399 |
CVE-2020-23891 |
787 |
|
DoS |
2021-11-10 |
2021-11-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A User Mode Write AV in Editor+0x5cd7 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file. |
|
1400 |
CVE-2020-23890 |
120 |
|
DoS Overflow |
2021-11-10 |
2021-11-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted JPG file. Related to Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at JPGCodec+0x753648. |
