Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42322 | 1 Microsoft | 1 Visual Studio Code | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Visual Studio Code Elevation of Privilege Vulnerability | |||||
| CVE-2021-42321 | 1 Microsoft | 1 Exchange Server | 2023-12-28 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-42306 | 1 Microsoft | 4 Azure Active Directory, Azure Active Site Recovery, Azure Automation and 1 more | 2023-12-28 | 4.0 MEDIUM | 8.1 HIGH |
| <p>An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate <a href="https://docs.microsoft.com/en-us/graph/api/resources/keycredential?view=graph-rest-1.0">keyCredential</a>? on an Azure AD <a href="https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals">Application or Service Principal</a> (which is not recommended). This vulnerability allows a user or service in the tenant with application read access to read the private key data that was added to the application.</p> <p>Azure AD?addressed this vulnerability by preventing disclosure of any private key?values added?to the application.</p> <p>Microsoft has identified services that could manifest this vulnerability, and steps that customers should take to be protected. Refer to the FAQ section for more information.</p> <p>For more details on this issue, please refer to the <a href="https://aka.ms/CVE-2021-42306-AAD">MSRC Blog Entry</a>.</p> | |||||
| CVE-2021-42316 | 1 Microsoft | 1 Dynamics 365 | 2023-12-28 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | |||||
| CVE-2021-42298 | 1 Microsoft | 1 Malware Protection Engine | 2023-12-28 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Defender Remote Code Execution Vulnerability | |||||
| CVE-2021-42296 | 1 Microsoft | 2 365 Apps, Office | 2023-12-28 | 6.9 MEDIUM | 7.8 HIGH |
| Microsoft Word Remote Code Execution Vulnerability | |||||
| CVE-2021-42292 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2023-12-28 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Security Feature Bypass Vulnerability | |||||
| CVE-2021-42291 | 1 Microsoft | 6 Windows Server, Windows Server 2008, Windows Server 2012 and 3 more | 2023-12-28 | 6.5 MEDIUM | 7.5 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
| CVE-2021-42287 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2023-12-28 | 6.5 MEDIUM | 7.5 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
| CVE-2021-42286 | 1 Microsoft | 3 Windows 10, Windows Server, Windows Server 2016 | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability | |||||
| CVE-2021-42285 | 1 Microsoft | 11 Windows 10, Windows 11, Windows 7 and 8 more | 2023-12-28 | 7.2 HIGH | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2021-42283 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 4.6 MEDIUM | 8.8 HIGH |
| NTFS Elevation of Privilege Vulnerability | |||||
| CVE-2021-42282 | 1 Microsoft | 6 Windows Server, Windows Server 2008, Windows Server 2012 and 3 more | 2023-12-28 | 6.5 MEDIUM | 7.5 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
| CVE-2021-42278 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2023-12-28 | 6.5 MEDIUM | 7.5 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
| CVE-2021-42276 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-12-28 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | |||||
| CVE-2021-42275 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft COM for Windows Remote Code Execution Vulnerability | |||||
| CVE-2021-41378 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-12-28 | 6.5 MEDIUM | 7.8 HIGH |
| Windows NTFS Remote Code Execution Vulnerability | |||||
| CVE-2021-41377 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2021-41372 | 1 Microsoft | 1 Power Bi Report Server | 2023-12-28 | 6.8 MEDIUM | 7.6 HIGH |
| <p>A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and HTML files are accessed directly by the victim.</p> <p>Combining these 2 vulnerabilities together, an attacker is able to upload malicious Power BI templates files to the server using the victim's session and run scripts in the security context of the user and perform privilege escalation in case the victim has admin privileges when the victim access one of the HTML files present in the malicious Power BI template uploaded.</p> <p>The security update addresses the vulnerability by helping to ensure that Power BI Report Server properly sanitize file uploads.</p> | |||||
| CVE-2021-41370 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| NTFS Elevation of Privilege Vulnerability | |||||
| CVE-2021-41367 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| NTFS Elevation of Privilege Vulnerability | |||||
| CVE-2021-41366 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | |||||
| CVE-2021-41356 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| Windows Denial of Service Vulnerability | |||||
| CVE-2021-40442 | 1 Microsoft | 7 365 Apps, Excel, Office and 4 more | 2023-12-28 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2021-38666 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 6.8 MEDIUM | 8.8 HIGH |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||
| CVE-2021-38665 | 1 Microsoft | 11 Remote Desktop, Windows 10, Windows 11 and 8 more | 2023-12-28 | 4.3 MEDIUM | 7.4 HIGH |
| Remote Desktop Protocol Client Information Disclosure Vulnerability | |||||
| CVE-2021-36957 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Desktop Bridge Elevation of Privilege Vulnerability | |||||
| CVE-2021-41352 | 1 Microsoft | 1 System Center Operations Manager | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| SCOM Information Disclosure Vulnerability | |||||
| CVE-2021-40457 | 1 Microsoft | 1 Dynamics 365 | 2023-12-28 | 4.3 MEDIUM | 7.4 HIGH |
| Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | |||||
| CVE-2022-24122 | 3 Fedoraproject, Linux, Netapp | 18 Fedora, Linux Kernel, H300e and 15 more | 2023-12-28 | 6.9 MEDIUM | 7.8 HIGH |
| kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace. | |||||
| CVE-2023-38200 | 3 Fedoraproject, Keylime, Redhat | 9 Fedora, Keylime, Enterprise Linux and 6 more | 2023-12-28 | N/A | 7.5 HIGH |
| A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections. | |||||
| CVE-2022-4907 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-12-28 | N/A | 8.8 HIGH |
| Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2008-5183 | 3 Apple, Debian, Opensuse | 5 Cups, Mac Os X, Mac Os X Server and 2 more | 2023-12-28 | 4.3 MEDIUM | 7.5 HIGH |
| cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184. | |||||
| CVE-2004-0079 | 23 4d, Apple, Avaya and 20 more | 66 Webstar, Mac Os X, Mac Os X Server and 63 more | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | |||||
| CVE-2004-0365 | 1 Ethereal | 1 Ethereal | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference. | |||||
| CVE-2005-0772 | 1 Veritas | 1 Backup Exec | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 through 9.1.307 for Netware, allows remote attackers to cause a denial of service (Remote Agent crash) via (1) a crafted packet in NDMLSRVR.DLL or (2) a request packet with an invalid (non-0) "Error Status" value, which triggers a null dereference. | |||||
| CVE-2002-1912 | 1 Skystream | 1 Emr5000 | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable the Ethernet interface when the buffers are full, which allows remote attackers to cause a denial of service (null pointer exception and kernel panic) via a large number of packets. | |||||
| CVE-2008-3597 | 1 Skulltag | 1 Skulltag | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by sending a "command 29" packet when the player is not in the game. | |||||
| CVE-2023-5961 | 1 Moxa | 20 Iologik E1210, Iologik E1210 Firmware, Iologik E1211 and 17 more | 2023-12-28 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user. | |||||
| CVE-2009-2698 | 6 Canonical, Fedoraproject, Linux and 3 more | 12 Ubuntu Linux, Fedora, Linux Kernel and 9 more | 2023-12-28 | 7.2 HIGH | 7.8 HIGH |
| The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. | |||||
| CVE-2009-0949 | 3 Apple, Canonical, Debian | 5 Cups, Mac Os X, Mac Os X Server and 2 more | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. | |||||
| CVE-2023-3655 | 1 Cashit | 1 Cashit\! | 2023-12-28 | N/A | 7.5 HIGH |
| cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database (system settings, user accounts,...). This vulnerability can be triggered by an HTTP endpoint exposed to the network. | |||||
| CVE-2022-45188 | 3 Debian, Fedoraproject, Netatalk | 3 Debian Linux, Fedora, Netatalk | 2023-12-28 | N/A | 7.8 HIGH |
| Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). | |||||
| CVE-2023-7053 | 1 Phpgurukul | 1 Online Notes Sharing System | 2023-12-28 | N/A | 8.8 HIGH |
| A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248740. | |||||
| CVE-2023-46149 | 1 Themify | 1 Ultra | 2023-12-28 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5. | |||||
| CVE-2023-29102 | 1 Olivethemes | 1 Olive One Click Demo Import | 2023-12-28 | N/A | 7.2 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in Olive Themes Olive One Click Demo Import.This issue affects Olive One Click Demo Import: from n/a through 1.1.1. | |||||
| CVE-2023-33318 | 1 Woocommerce | 1 Automatewoo | 2023-12-28 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.40. | |||||
| CVE-2023-31215 | 1 Amadercode | 1 Dropshipping \& Affiliation With Amazon | 2023-12-28 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in AmaderCode Lab Dropshipping & Affiliation with Amazon.This issue affects Dropshipping & Affiliation with Amazon: from n/a through 2.1.2. | |||||
| CVE-2023-34007 | 1 Wpchill | 1 Download Monitor | 2023-12-28 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.3. | |||||
| CVE-2021-43876 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2023-12-28 | 6.0 MEDIUM | 8.8 HIGH |
| Microsoft SharePoint Elevation of Privilege Vulnerability | |||||