• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-20

CVE-2021-26624

February 23, 2023 by

An local privilege escalation vulnerability due to a “runasroot” command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to “runasroot” command. This vulnerability can induce remote attackers to exploit root privileges by manipulating parameter values.

CVE-2021-26626

February 23, 2023 by

Improper input validation vulnerability in XPLATFORM’s execBrowser method can cause execute arbitrary commands. IF the second parameter value of the execBrowser function is ‘default’, the first parameter value could be passed to the ShellExecuteW API. The passed parameter is an arbitrary code to be executed. Remote attackers can use this vulnerability to execute arbitrary remote code.

CVE-2021-26370

February 23, 2023 by

Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability.

CVE-2021-26388

February 23, 2023 by

Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service.

CVE-2021-26398

February 23, 2023 by

Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.

CVE-2021-26404

February 23, 2023 by

Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 550
  • Go to page 551
  • Go to page 552
  • Go to page 553
  • Go to page 554
  • Interim pages omitted …
  • Go to page 681
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE