Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28421 | 1 Winwar | 1 Wp Email Capture | 2023-12-29 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Winwar Media WordPress Email Marketing Plugin – WP Email Capture.This issue affects WordPress Email Marketing Plugin – WP Email Capture: from n/a through 3.10. | |||||
| CVE-2023-49162 | 1 Bigcommerce | 1 Bigcommerce | 2023-12-29 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BigCommerce BigCommerce For WordPress.This issue affects BigCommerce For WordPress: from n/a through 5.0.6. | |||||
| CVE-2023-48288 | 1 Hmplugin | 1 Jobwp | 2023-12-29 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.1. | |||||
| CVE-2023-49288 | 1 Squid-cache | 1 Squid | 2023-12-29 | N/A | 7.5 HIGH |
| Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf. | |||||
| CVE-2023-46728 | 1 Squid-cache | 1 Squid | 2023-12-29 | N/A | 7.5 HIGH |
| Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests. | |||||
| CVE-2023-46724 | 1 Squid-cache | 1 Squid | 2023-12-29 | N/A | 7.5 HIGH |
| Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages. | |||||
| CVE-2021-28482 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 9.0 HIGH | 8.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-28477 | 1 Microsoft | 1 Visual Studio Code | 2023-12-29 | 6.8 MEDIUM | 7.0 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2021-28475 | 1 Microsoft | 1 Visual Studio Code | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2021-28473 | 1 Microsoft | 1 Visual Studio Code | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2021-28472 | 1 Microsoft | 1 Vscode-maven | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability | |||||
| CVE-2021-28471 | 1 Microsoft | 1 Visual Studio Code | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2021-28470 | 1 Microsoft | 1 Visual Studio Code Github Pull Requests And Issues | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | |||||
| CVE-2021-28469 | 1 Microsoft | 1 Visual Studio Code | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2021-28468 | 1 Microsoft | 1 Raw Image Extension | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Raw Image Extension Remote Code Execution Vulnerability | |||||
| CVE-2021-28466 | 1 Microsoft | 1 Raw Image Extension | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Raw Image Extension Remote Code Execution Vulnerability | |||||
| CVE-2021-28464 | 1 Microsoft | 1 Vp9 Video Extensions | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| VP9 Video Extensions Remote Code Execution Vulnerability | |||||
| CVE-2021-28460 | 1 Microsoft | 1 Azure Sphere | 2023-12-29 | 4.6 MEDIUM | 8.1 HIGH |
| Azure Sphere Unsigned Code Execution Vulnerability | |||||
| CVE-2021-28458 | 1 Microsoft | 1 Ms-rest-nodeauth | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability | |||||
| CVE-2021-28457 | 1 Microsoft | 1 Visual Studio Code | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2021-28454 | 1 Microsoft | 4 365 Apps, Office, Office Online Server and 1 more | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2021-28453 | 1 Microsoft | 7 365 Apps, Office, Office Online Server and 4 more | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Word Remote Code Execution Vulnerability | |||||
| CVE-2021-28452 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2023-12-29 | 6.8 MEDIUM | 7.1 HIGH |
| Microsoft Outlook Memory Corruption Vulnerability | |||||
| CVE-2021-28451 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2021-28449 | 1 Microsoft | 3 365 Apps, Excel, Office | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2021-28448 | 1 Microsoft | 1 Visual Studio Code Kubernetes Tools | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability | |||||
| CVE-2021-27064 | 1 Microsoft | 2 Visual Studio 2017, Visual Studio 2019 | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Visual Studio Installer Elevation of Privilege Vulnerability | |||||
| CVE-2023-49294 | 2 Digium, Sangoma | 2 Asterisk, Certified Asterisk | 2023-12-29 | N/A | 7.5 HIGH |
| Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue. | |||||
| CVE-2023-37457 | 2 Digium, Sangoma | 2 Asterisk, Certified Asterisk | 2023-12-29 | N/A | 8.2 HIGH |
| Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa. | |||||
| CVE-2021-31204 | 2 Fedoraproject, Microsoft | 4 Fedora, .net, .net Core and 1 more | 2023-12-29 | 4.6 MEDIUM | 7.3 HIGH |
| .NET and Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2021-31180 | 1 Microsoft | 3 365 Apps, Office, Word | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Graphics Remote Code Execution Vulnerability | |||||
| CVE-2021-31177 | 1 Microsoft | 6 365 Apps, Excel, Office and 3 more | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2021-28455 | 1 Microsoft | 10 365 Apps, Office, Windows 10 and 7 more | 2023-12-29 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability | |||||
| CVE-2021-27068 | 1 Microsoft | 1 Visual Studio 2019 | 2023-12-29 | 6.5 MEDIUM | 8.8 HIGH |
| Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2021-36934 | 1 Microsoft | 1 Windows 10 | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| <p>An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker must have the ability to execute code on a victim system to exploit this vulnerability.</p> <p>After installing this security update, you <em>must</em> manually delete all shadow copies of system files, including the SAM database, to fully mitigate this vulnerabilty. <strong>Simply installing this security update will not fully mitigate this vulnerability.</strong> See <a href="https://support.microsoft.com/topic/1ceaa637-aaa3-4b58-a48b-baf72a2fa9e7">KB5005357- Delete Volume Shadow Copies</a>.</p> | |||||
| CVE-2021-34481 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-28 | 7.5 HIGH | 8.8 HIGH |
| <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p><strong>UPDATE</strong> August 10, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. This security update changes the Point and Print default behavior; please see <a href="https://support.microsoft.com/help/5005652">KB5005652</a>.</p> | |||||
| CVE-2021-34467 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2023-12-28 | 6.5 MEDIUM | 7.1 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2021-34464 | 1 Microsoft | 1 Malware Protection Engine | 2023-12-28 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Defender Remote Code Execution Vulnerability | |||||
| CVE-2021-34462 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-28 | 4.6 MEDIUM | 7.0 HIGH |
| Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | |||||
| CVE-2021-34461 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | |||||
| CVE-2021-34460 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Storage Spaces Controller Elevation of Privilege Vulnerability | |||||
| CVE-2021-34459 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows AppContainer Elevation Of Privilege Vulnerability | |||||
| CVE-2021-34456 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | |||||
| CVE-2021-34455 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows File History Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-34452 | 1 Microsoft | 2 365 Apps, Word | 2023-12-28 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Word Remote Code Execution Vulnerability | |||||
| CVE-2021-34450 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-28 | 9.0 HIGH | 8.5 HIGH |
| Windows Hyper-V Remote Code Execution Vulnerability | |||||
| CVE-2021-34449 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-28 | 4.6 MEDIUM | 7.0 HIGH |
| Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2021-34446 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-28 | 6.8 MEDIUM | 8.0 HIGH |
| Windows HTML Platforms Security Feature Bypass Vulnerability | |||||
| CVE-2021-34445 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | |||||
| CVE-2021-34442 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2023-12-28 | 5.0 MEDIUM | 8.8 HIGH |
| Windows DNS Server Remote Code Execution Vulnerability | |||||