Total: 201818 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42279 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-12-28 | 5.1 MEDIUM | 4.2 MEDIUM |
| Chakra Scripting Engine Memory Corruption Vulnerability | |||||
| CVE-2021-42278 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2023-12-28 | 6.5 MEDIUM | 7.5 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
| CVE-2021-42277 | 1 Microsoft | 8 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 5 more | 2023-12-28 | 4.6 MEDIUM | 5.5 MEDIUM |
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | |||||
| CVE-2021-42276 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-12-28 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | |||||
| CVE-2021-42275 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft COM for Windows Remote Code Execution Vulnerability | |||||
| CVE-2021-42274 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-12-28 | 2.1 LOW | 6.8 MEDIUM |
| Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability | |||||
| CVE-2021-41379 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 4.6 MEDIUM | 5.5 MEDIUM |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2021-41378 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-12-28 | 6.5 MEDIUM | 7.8 HIGH |
| Windows NTFS Remote Code Execution Vulnerability | |||||
| CVE-2021-41377 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2021-41376 | 1 Microsoft | 1 Azure Sphere | 2023-12-28 | 2.1 LOW | 2.3 LOW |
| Azure Sphere Information Disclosure Vulnerability | |||||
| CVE-2021-41375 | 1 Microsoft | 1 Azure Sphere | 2023-12-28 | 2.1 LOW | 4.4 MEDIUM |
| Azure Sphere Information Disclosure Vulnerability | |||||
| CVE-2021-41374 | 1 Microsoft | 1 Azure Sphere | 2023-12-28 | 2.1 LOW | 6.7 MEDIUM |
| Azure Sphere Information Disclosure Vulnerability | |||||
| CVE-2021-41373 | 1 Microsoft | 1 Fslogix | 2023-12-28 | 2.1 LOW | 5.5 MEDIUM |
| FSLogix Information Disclosure Vulnerability | |||||
| CVE-2021-41372 | 1 Microsoft | 1 Power Bi Report Server | 2023-12-28 | 6.8 MEDIUM | 7.6 HIGH |
| A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when a Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and the HTML files are accessed directly by the victim. Combining these 2 vulnerabilities, an attacker is able to upload malicious Power BI template files to the server using the victim's session, run scripts in the security context of the user, and perform privilege escalation if the victim has admin privileges, when the victim accesses one of the HTML files present in the malicious Power BI template uploaded. The security update addresses the vulnerability by helping to ensure that Power BI Report Server properly sanitizes file uploads. | |||||
| CVE-2021-41371 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 2.1 LOW | 4.4 MEDIUM |
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | |||||
| CVE-2021-41370 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| NTFS Elevation of Privilege Vulnerability | |||||
| CVE-2021-41368 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2023-12-28 | 6.8 MEDIUM | 6.1 MEDIUM |
| Microsoft Access Remote Code Execution Vulnerability | |||||
| CVE-2021-41367 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| NTFS Elevation of Privilege Vulnerability | |||||
| CVE-2021-41366 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | |||||
| CVE-2021-41356 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| Windows Denial of Service Vulnerability | |||||
| CVE-2021-41351 | 1 Microsoft | 4 Edge, Windows 10, Windows 11 and 1 more | 2023-12-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge (Chrome based) Spoofing on IE Mode | |||||
| CVE-2021-41349 | 1 Microsoft | 1 Exchange Server | 2023-12-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft Exchange Server Spoofing Vulnerability | |||||
| CVE-2021-40442 | 1 Microsoft | 7 365 Apps, Excel, Office and 4 more | 2023-12-28 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2021-38666 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 6.8 MEDIUM | 8.8 HIGH |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||
| CVE-2021-38665 | 1 Microsoft | 11 Remote Desktop, Windows 10, Windows 11 and 8 more | 2023-12-28 | 4.3 MEDIUM | 7.4 HIGH |
| Remote Desktop Protocol Client Information Disclosure Vulnerability | |||||
| CVE-2021-38631 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 2.1 LOW | 4.4 MEDIUM |
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | |||||
| CVE-2021-36957 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Desktop Bridge Elevation of Privilege Vulnerability | |||||
| CVE-2021-26444 | 1 Microsoft | 1 Azure Real Time Operating System | 2023-12-28 | 1.9 LOW | 3.3 LOW |
| Azure RTOS Information Disclosure Vulnerability | |||||
| CVE-2021-26443 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-12-28 | 7.7 HIGH | 9.0 CRITICAL |
| Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability | |||||
| CVE-2021-41363 | 1 Microsoft | 1 Intune Management Extension | 2023-12-28 | 4.4 MEDIUM | 4.2 MEDIUM |
| Intune Management Extension Security Feature Bypass Vulnerability | |||||
| CVE-2021-41352 | 1 Microsoft | 1 System Center Operations Manager | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| SCOM Information Disclosure Vulnerability | |||||
| CVE-2021-40457 | 1 Microsoft | 1 Dynamics 365 | 2023-12-28 | 4.3 MEDIUM | 7.4 HIGH |
| Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | |||||
| CVE-2023-42627 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2023-12-28 | N/A | 5.4 MEDIUM |
| Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay DXP 7.3 update 33 and earlier, and 7.4 before update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a (1) Shipping Name, (2) Shipping Phone Number, (3) Shipping Address, (4) Shipping Address 2, (5) Shipping Address 3, (6) Shipping Zip, (7) Shipping City, (8) Shipping Region, (9) Shipping Country, (10) Billing Name, (11) Billing Phone Number, (12) Billing Address, (13) Billing Address 2, (14) Billing Address 3, (15) Billing Zip, (16) Billing City, (17) Billing Region, (18) Billing Country, or (19) Region Code. | |||||
| CVE-2023-42628 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2023-12-28 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 through 7.4.3.87, and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and earlier, 7.2 fix pack 20 and earlier, 7.3 update 33 and earlier, and 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML into a parent wiki page via a crafted payload injected into a wiki page's ‘Content’ text field. | |||||
| CVE-2023-42629 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2023-12-28 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Vocabulary's 'description' text field. | |||||
| CVE-2022-24122 | 3 Fedoraproject, Linux, Netapp | 18 Fedora, Linux Kernel, H300e and 15 more | 2023-12-28 | 6.9 MEDIUM | 7.8 HIGH |
| kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace. | |||||
| CVE-2022-24599 | 3 Audio File Library Project, Debian, Fedoraproject | 3 Audio File Library, Debian Linux, Fedora | 2023-12-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data; however, it doesn't use zero bytes to truncate the data. | |||||
| CVE-2019-13147 | 2 Audio File Library Project, Debian | 2 Audio File Library, Debian Linux | 2023-12-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file. | |||||
| CVE-2022-4393 | 1 Avirtum | 1 Imagelinks | 2023-12-28 | N/A | 5.4 MEDIUM |
| The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2023-38200 | 3 Fedoraproject, Keylime, Redhat | 9 Fedora, Keylime, Enterprise Linux and 6 more | 2023-12-28 | N/A | 7.5 HIGH |
| A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections. | |||||
| CVE-2022-4907 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-12-28 | N/A | 8.8 HIGH |
| Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-50825 | 1 Jacksonwhelan | 1 Iframe Shortcode | 2023-12-28 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terrier Tenacity iframe Shortcode allows Stored XSS. This issue affects iframe Shortcode: from n/a through 2.0. | |||||
| CVE-2008-5183 | 3 Apple, Debian, Opensuse | 5 Cups, Mac Os X, Mac Os X Server and 2 more | 2023-12-28 | 4.3 MEDIUM | 7.5 HIGH |
| cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184. | |||||
| CVE-2008-0062 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-28 | 9.3 HIGH | 9.8 CRITICAL |
| KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. | |||||
| CVE-2004-0079 | 23 4d, Apple, Avaya and 20 more | 66 Webstar, Mac Os X, Mac Os X Server and 63 more | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | |||||
| CVE-2004-0365 | 1 Ethereal | 1 Ethereal | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference. | |||||
| CVE-2005-0772 | 1 Veritas | 1 Backup Exec | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 through 9.1.307 for Netware, allows remote attackers to cause a denial of service (Remote Agent crash) via (1) a crafted packet in NDMLSRVR.DLL or (2) a request packet with an invalid (non-0) "Error Status" value, which triggers a null dereference. | |||||
| CVE-2002-1912 | 1 Skystream | 1 Emr5000 | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable the Ethernet interface when the buffers are full, which allows remote attackers to cause a denial of service (null pointer exception and kernel panic) via a large number of packets. | |||||
| CVE-2008-3597 | 1 Skulltag | 1 Skulltag | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by sending a "command 29" packet when the player is not in the game. | |||||
| CVE-2023-5961 | 1 Moxa | 20 Iologik E1210, Iologik E1210 Firmware, Iologik E1211 and 17 more | 2023-12-28 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user. | |||||
