Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26892 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-29 | 2.1 LOW | 6.2 MEDIUM |
| Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | |||||
| CVE-2021-26891 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Container Execution Agent Elevation of Privilege Vulnerability | |||||
| CVE-2021-26890 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Application Virtualization Remote Code Execution Vulnerability | |||||
| CVE-2021-26889 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Update Stack Elevation of Privilege Vulnerability | |||||
| CVE-2021-26887 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| <p>An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting another user's personal data to a created folder.</p> <p>To exploit the vulnerability, an attacker can create a new folder under the Folder Redirection root path and create a junction on a newly created User folder. When the new user logs in, Folder Redirection would start redirecting to the folder and copying personal data.</p> <p>This elevation of privilege vulnerability can only be addressed by reconfiguring Folder Redirection with Offline files and restricting permissions, and NOT via a security update for affected Windows Servers. See the <strong>FAQ</strong> section of this CVE for configuration guidance.</p> | |||||
| CVE-2021-26886 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2023-12-29 | 3.6 LOW | 6.1 MEDIUM |
| User Profile Service Denial of Service Vulnerability | |||||
| CVE-2021-26885 | 1 Microsoft | 1 Windows 10 | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Windows WalletService Elevation of Privilege Vulnerability | |||||
| CVE-2021-26884 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2023-12-29 | 2.1 LOW | 5.5 MEDIUM |
| Windows Media Photo Codec Information Disclosure Vulnerability | |||||
| CVE-2021-26882 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Remote Access API Elevation of Privilege Vulnerability | |||||
| CVE-2021-26881 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 6.5 MEDIUM | 7.5 HIGH |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | |||||
| CVE-2021-26880 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Storage Spaces Controller Elevation of Privilege Vulnerability | |||||
| CVE-2021-26879 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Server 2012 and 2 more | 2023-12-29 | 5.0 MEDIUM | 7.5 HIGH |
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | |||||
| CVE-2021-26878 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||
| CVE-2021-26877 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2023-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| Windows DNS Server Remote Code Execution Vulnerability | |||||
| CVE-2021-26876 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-12-29 | 6.8 MEDIUM | 8.8 HIGH |
| OpenType Font Parsing Remote Code Execution Vulnerability | |||||
| CVE-2021-26875 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2021-26874 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Overlay Filter Elevation of Privilege Vulnerability | |||||
| CVE-2021-26873 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2023-12-29 | 4.6 MEDIUM | 7.0 HIGH |
| Windows User Profile Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-26872 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Event Tracing Elevation of Privilege Vulnerability | |||||
| CVE-2021-26871 | 1 Microsoft | 1 Windows 10 | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Windows WalletService Elevation of Privilege Vulnerability | |||||
| CVE-2021-26870 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Projected File System Elevation of Privilege Vulnerability | |||||
| CVE-2021-26869 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2023-12-29 | 2.1 LOW | 5.5 MEDIUM |
| Windows ActiveX Installer Service Information Disclosure Vulnerability | |||||
| CVE-2021-26868 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||
| CVE-2021-26867 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-12-29 | 7.2 HIGH | 9.9 CRITICAL |
| Windows Hyper-V Remote Code Execution Vulnerability | |||||
| CVE-2021-26866 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-29 | 3.6 LOW | 7.1 HIGH |
| Windows Update Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-26865 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-29 | 4.6 MEDIUM | 8.8 HIGH |
| Windows Container Execution Agent Elevation of Privilege Vulnerability | |||||
| CVE-2021-26864 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-29 | 4.6 MEDIUM | 8.4 HIGH |
| Windows Virtual Registry Provider Elevation of Privilege Vulnerability | |||||
| CVE-2021-26863 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-29 | 7.2 HIGH | 7.0 HIGH |
| Windows Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2021-26862 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 7.2 HIGH | 7.0 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2021-26861 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Windows Graphics Component Remote Code Execution Vulnerability | |||||
| CVE-2021-26860 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Windows App-V Overlay Filter Elevation of Privilege Vulnerability | |||||
| CVE-2021-24107 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 2.1 LOW | 5.5 MEDIUM |
| Windows Event Tracing Information Disclosure Vulnerability | |||||
| CVE-2021-24095 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-29 | 4.6 MEDIUM | 7.0 HIGH |
| DirectX Elevation of Privilege Vulnerability | |||||
| CVE-2021-24090 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-12-29 | 9.3 HIGH | 7.8 HIGH |
| Windows Error Reporting Elevation of Privilege Vulnerability | |||||
| CVE-2021-1729 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-29 | 7.2 HIGH | 7.1 HIGH |
| Windows Update Stack Setup Elevation of Privilege Vulnerability | |||||
| CVE-2021-1640 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||
| CVE-2023-51033 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2023-12-29 | N/A | 9.8 CRITICAL |
| TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface. | |||||
| CVE-2023-6689 | 1 Efacec | 2 Bcu 500, Bcu 500 Firmware | 2023-12-29 | N/A | 8.8 HIGH |
| A successful CSRF attack could force the user to perform state changing requests on the application. If the victim is an administrative account, a CSRF attack could compromise the entire web application. | |||||
| CVE-2023-50250 | 1 Cacti | 1 Cacti | 2023-12-29 | N/A | 6.1 MEDIUM |
| Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php.` When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available. | |||||
| CVE-2023-37520 | 1 Hcltech | 1 Bigfix Platform | 2023-12-29 | N/A | 6.1 MEDIUM |
| Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay. | |||||
| CVE-2023-51448 | 1 Cacti | 1 Cacti | 2023-12-29 | N/A | 8.8 HIGH |
| Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `‘managers.php’`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `‘/cacti/managers.php’` with an SQLi payload in the `‘selected_graphs_array’` HTTP GET parameter. As of time of publication, no patched versions exist. | |||||
| CVE-2023-51028 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2023-12-29 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. | |||||
| CVE-2023-50147 | 1 Totolink | 2 A3700r, A3700r Firmware | 2023-12-29 | N/A | 9.8 CRITICAL |
| There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513. | |||||
| CVE-2023-7041 | 1 Codelyfe | 1 Stupid Simple Cms | 2023-12-29 | N/A | 5.4 MEDIUM |
| A vulnerability, which was classified as critical, has been found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this issue is some unknown functionality of the file /file-manager/rename.php. The manipulation of the argument newName leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248690 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-51380 | 1 Github | 1 Enterprise Server | 2023-12-29 | N/A | 4.3 MEDIUM |
| An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | |||||
| CVE-2023-6690 | 1 Github | 1 Enterprise Server | 2023-12-29 | N/A | 2.0 LOW |
| A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the transfer. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | |||||
| CVE-2023-6802 | 1 Github | 1 Enterprise Server | 2023-12-29 | N/A | 6.5 MEDIUM |
| An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | |||||
| CVE-2023-6803 | 1 Github | 1 Enterprise Server | 2023-12-29 | N/A | 4.0 MEDIUM |
| A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | |||||
| CVE-2023-6804 | 1 Github | 1 Enterprise Server | 2023-12-29 | N/A | 5.5 MEDIUM |
| Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | |||||
| CVE-2023-6847 | 1 Github | 1 Enterprise Server | 2023-12-29 | N/A | 7.5 HIGH |
| An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in version 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||