Export limit exceeded: 357821 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 83461 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (83461 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-28451 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2024-11-21 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2021-28449 | 1 Microsoft | 3 365 Apps, Excel, Office | 2024-11-21 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2021-28448 | 1 Microsoft | 2 Kubernetes Tools, Visual Studio Code Kubernetes Tools | 2024-11-21 | 7.8 High |
| Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability | ||||
| CVE-2021-28445 | 1 Microsoft | 18 Windows 10, Windows 10 1607, Windows 10 1809 and 15 more | 2024-11-21 | 8.1 High |
| Windows Network File System Remote Code Execution Vulnerability | ||||
| CVE-2021-28440 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7 High |
| Windows Installer Elevation of Privilege Vulnerability | ||||
| CVE-2021-28439 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7.5 High |
| Windows TCP/IP Driver Denial of Service Vulnerability | ||||
| CVE-2021-28436 | 1 Microsoft | 12 Windows 10, Windows 10 1507, Windows 10 1607 and 9 more | 2024-11-21 | 7.8 High |
| Windows Speech Runtime Elevation of Privilege Vulnerability | ||||
| CVE-2021-28434 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 8.8 High |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | ||||
| CVE-2021-28427 | 1 Xnview | 1 Xnview | 2024-11-21 | 7.8 High |
| Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file. | ||||
| CVE-2021-28419 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 7.2 High |
| The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases. | ||||
| CVE-2021-28398 | 1 Osgeo | 1 Geonetwork | 2024-11-21 | 7.2 High |
| A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScript method in harvesters/src/main/java/org/fao/geonet/kernel/harvest/harvester/localfilesystem/LocalFilesystemHarvester.java. The earliest affected version is 3.4.0. | ||||
| CVE-2021-28379 | 2 Myvestacp, Vestacp | 2 Myvesta, Vesta Control Panel | 2024-11-21 | 8.8 High |
| web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin. | ||||
| CVE-2021-28375 | 3 Fedoraproject, Linux, Netapp | 4 Fedora, Linux Kernel, Cloud Backup and 1 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. | ||||
| CVE-2021-28374 | 1 Debian | 2 Courier-authlib, Debian Linux | 2024-11-21 | 7.5 High |
| The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's existence, uid and gids, home and/or Maildir directory, quota, and some type of password information (such as a hash). | ||||
| CVE-2021-28373 | 1 Tt-rss | 1 Tiny Tiny Rss | 2024-11-21 | 7.5 High |
| The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in production. Semantic version numbers such as 21.03 appear to exist, but are automatically generated from the year and month. They are not releases. | ||||
| CVE-2021-28372 | 1 Throughtek | 1 Kalay P2p Software Development Kit | 2024-11-21 | 8.3 High |
| ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek (TUTK) device given a valid 20-byte uniquely assigned identifier (UID). This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials needed to access the victim TUTK device. | ||||
| CVE-2021-28362 | 1 Contiki-os | 1 Contiki | 2024-11-21 | 7.5 High |
| An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to remove the RPL extension headers. Because the packet length and the extension header length are unchecked (with respect to the available data) at this stage, and these variables are susceptible to integer underflow, it is possible to construct an invalid extension header that will cause memory corruption issues and lead to a Denial-of-Service condition. This is related to rpl-ext-header.c. | ||||
| CVE-2021-28361 | 1 Spdk | 1 Storage Performance Development Kit | 2024-11-21 | 7.5 High |
| An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected), the iSCSI target can crash with a NULL pointer dereference. | ||||
| CVE-2021-28358 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 8.8 High |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | ||||
| CVE-2021-28357 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 8.8 High |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | ||||