Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34500 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-28 | 4.0 MEDIUM | 6.3 MEDIUM |
| Windows Kernel Memory Information Disclosure Vulnerability | |||||
| CVE-2021-34499 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2023-12-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Windows DNS Server Denial of Service Vulnerability | |||||
| CVE-2021-34497 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-28 | 6.8 MEDIUM | 6.8 MEDIUM |
| Windows MSHTML Platform Remote Code Execution Vulnerability | |||||
| CVE-2021-34496 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2023-12-28 | 2.1 LOW | 5.5 MEDIUM |
| Windows GDI Information Disclosure Vulnerability | |||||
| CVE-2021-34493 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-28 | 4.6 MEDIUM | 6.7 MEDIUM |
| Windows Partition Management Driver Elevation of Privilege Vulnerability | |||||
| CVE-2021-34491 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2023-12-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| Win32k Information Disclosure Vulnerability | |||||
| CVE-2021-33783 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Windows SMB Information Disclosure Vulnerability | |||||
| CVE-2021-33782 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Windows Authenticode Spoofing Vulnerability | |||||
| CVE-2021-33765 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-28 | 2.1 LOW | 6.2 MEDIUM |
| Windows Installer Spoofing Vulnerability | |||||
| CVE-2021-33764 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2023-12-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Windows Key Distribution Center Information Disclosure Vulnerability | |||||
| CVE-2021-33763 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2023-12-28 | 2.1 LOW | 5.5 MEDIUM |
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | |||||
| CVE-2021-33760 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-28 | 2.1 LOW | 5.5 MEDIUM |
| Media Foundation Information Disclosure Vulnerability | |||||
| CVE-2021-33757 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-28 | 7.5 HIGH | 5.3 MEDIUM |
| Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability | |||||
| CVE-2021-33755 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-28 | 5.0 MEDIUM | 6.3 MEDIUM |
| Windows Hyper-V Denial of Service Vulnerability | |||||
| CVE-2021-33753 | 1 Microsoft | 1 Bing | 2023-12-28 | 4.3 MEDIUM | 4.7 MEDIUM |
| Microsoft Bing Search Spoofing Vulnerability | |||||
| CVE-2021-33745 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2023-12-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Windows DNS Server Denial of Service Vulnerability | |||||
| CVE-2021-33744 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-28 | 7.2 HIGH | 5.3 MEDIUM |
| Windows Secure Kernel Mode Security Feature Bypass Vulnerability | |||||
| CVE-2021-31961 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-28 | 3.6 LOW | 6.1 MEDIUM |
| Windows InstallService Elevation of Privilege Vulnerability | |||||
| CVE-2023-5236 | 2 Infinispan, Redhat | 3 Infinispan, Data Grid, Jboss Data Grid | 2023-12-28 | N/A | 6.5 MEDIUM |
| A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service. | |||||
| CVE-2023-50713 | 1 Specklesystems | 1 Speckle Server | 2023-12-28 | N/A | 5.0 MEDIUM |
| Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions prior to 2.17.6 affects users who: authorized an application which requested a 'token write' scope or, using frontend-2, created a Personal Access Token (PAT) with `token write` scope. When creating a new token an agent needs to authorise the request with an existing token (the 'requesting token'). The requesting token is required to have token write scope in order to generate new tokens. However, Speckle server was not verifying that other privileges granted to the new token were not in excess of the privileges of the requesting token. A malicious actor could use a token with only token write scope to subsequently generate further tokens with additional privileges. These privileges would only grant privileges up to the existing privileges of the user. This vulnerability cannot be used to escalate a user's privileges or grant privileges on behalf of other users. This has been patched as of version 2.17.6. All operators of Speckle servers should upgrade their server to version 2.17.6 or higher. Any users who authorized an application with 'token write' scope, or created a token in frontend-2 with `token write` scope should review existing tokens and permanently revoke any they do not recognize, revoke existing tokens and create new tokens, and review usage of their account for suspicious activity. No known workarounds for this issue exist. | |||||
| CVE-2023-6910 | 1 M-files | 1 M-files Server | 2023-12-28 | N/A | 6.5 MEDIUM |
| A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests. | |||||
| CVE-2023-6835 | 1 Wso2 | 2 Api Manager, Iot Server | 2023-12-28 | N/A | 5.3 MEDIUM |
| Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated. | |||||
| CVE-2023-32743 | 1 Woocommerce | 1 Automatewoo | 2023-12-28 | N/A | 4.9 MEDIUM |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 5.7.1. | |||||
| CVE-2023-6784 | 1 Progress | 1 Sitefinity | 2023-12-28 | N/A | 4.3 MEDIUM |
| A malicious user could potentially use the Sitefinity system for the distribution of phishing emails. | |||||
| CVE-2021-40448 | 1 Microsoft | 1 Accessibility Insights For Android | 2023-12-28 | 4.3 MEDIUM | 6.3 MEDIUM |
| Microsoft Accessibility Insights for Android Information Disclosure Vulnerability | |||||
| CVE-2021-40440 | 1 Microsoft | 1 Dynamics 365 Business Central | 2023-12-28 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | |||||
| CVE-2021-38669 | 1 Microsoft | 2 Edge, Edge Chromium | 2023-12-28 | 7.5 HIGH | 6.4 MEDIUM |
| Microsoft Edge (Chromium-based) Tampering Vulnerability | |||||
| CVE-2021-38657 | 1 Microsoft | 1 365 Apps | 2023-12-28 | 2.1 LOW | 6.1 MEDIUM |
| Microsoft Office Graphics Component Information Disclosure Vulnerability | |||||
| CVE-2021-38637 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2023-12-28 | 2.1 LOW | 5.5 MEDIUM |
| Windows Storage Information Disclosure Vulnerability | |||||
| CVE-2021-38636 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2023-12-28 | 2.1 LOW | 5.5 MEDIUM |
| Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | |||||
| CVE-2021-38635 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2023-12-28 | 2.1 LOW | 5.5 MEDIUM |
| Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | |||||
| CVE-2021-38642 | 2 Apple, Microsoft | 2 Iphone Os, Edge | 2023-12-28 | 4.0 MEDIUM | 6.1 MEDIUM |
| Microsoft Edge for iOS Spoofing Vulnerability | |||||
| CVE-2021-38641 | 2 Google, Microsoft | 2 Android, Edge | 2023-12-28 | 4.0 MEDIUM | 6.1 MEDIUM |
| Microsoft Edge for Android Spoofing Vulnerability | |||||
| CVE-2021-38632 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2023-12-28 | 2.1 LOW | 5.7 MEDIUM |
| BitLocker Security Feature Bypass Vulnerability | |||||
| CVE-2021-38629 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2023-12-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability | |||||
| CVE-2021-38624 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2023-12-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Windows Key Storage Provider Security Feature Bypass Vulnerability | |||||
| CVE-2021-36972 | 1 Microsoft | 7 Windows 10, Windows 8.1, Windows Rt 8.1 and 4 more | 2023-12-28 | 2.1 LOW | 5.5 MEDIUM |
| Windows SMB Information Disclosure Vulnerability | |||||
| CVE-2021-36969 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2023-12-28 | 2.1 LOW | 5.5 MEDIUM |
| Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | |||||
| CVE-2021-36962 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| Windows Installer Information Disclosure Vulnerability | |||||
| CVE-2021-36961 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2023-12-28 | 3.6 LOW | 5.5 MEDIUM |
| Windows Installer Denial of Service Vulnerability | |||||
| CVE-2021-36959 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2023-12-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Windows Authenticode Spoofing Vulnerability | |||||
| CVE-2021-36956 | 1 Microsoft | 1 Azure Sphere | 2023-12-28 | 2.1 LOW | 4.4 MEDIUM |
| Azure Sphere Information Disclosure Vulnerability | |||||
| CVE-2021-26437 | 1 Microsoft | 1 Visual Studio Code | 2023-12-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Visual Studio Code Spoofing Vulnerability | |||||
| CVE-2021-36930 | 1 Microsoft | 1 Edge | 2023-12-28 | 6.8 MEDIUM | 5.3 MEDIUM |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2021-26439 | 2 Google, Microsoft | 2 Android, Edge | 2023-12-28 | 4.3 MEDIUM | 4.6 MEDIUM |
| Microsoft Edge for Android Information Disclosure Vulnerability | |||||
| CVE-2021-26436 | 1 Microsoft | 1 Edge | 2023-12-28 | 6.8 MEDIUM | 6.1 MEDIUM |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2021-36950 | 1 Microsoft | 1 Dynamics 365 | 2023-12-28 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2021-36946 | 1 Microsoft | 2 Dynamics 365 Business Central, Dynamics Nav | 2023-12-28 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | |||||
| CVE-2021-36943 | 1 Microsoft | 1 Azure Cyclecloud | 2023-12-28 | 4.6 MEDIUM | 4.0 MEDIUM |
| Azure CycleCloud Elevation of Privilege Vulnerability | |||||
| CVE-2021-36938 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-28 | 2.1 LOW | 5.5 MEDIUM |
| Windows Cryptographic Primitives Library Information Disclosure Vulnerability | |||||