Search Results (34736 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-28315 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7.8 High |
| Windows Media Video Decoder Remote Code Execution Vulnerability | ||||
| CVE-2021-28314 | 1 Microsoft | 9 Windows 10, Windows 10 1809, Windows 10 1909 and 6 more | 2024-11-21 | 7.8 High |
| Windows Hyper-V Elevation of Privilege Vulnerability | ||||
| CVE-2021-28312 | 1 Microsoft | 9 Windows 10, Windows 10 1809, Windows 10 1909 and 6 more | 2024-11-21 | 3.3 Low |
| Windows NTFS Denial of Service Vulnerability | ||||
| CVE-2021-28311 | 1 Microsoft | 11 Windows 10, Windows 10 1607, Windows 10 1803 and 8 more | 2024-11-21 | 6.5 Medium |
| Windows Application Compatibility Cache Denial of Service Vulnerability | ||||
| CVE-2021-28309 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 5.5 Medium |
| Windows Kernel Information Disclosure Vulnerability | ||||
| CVE-2021-28276 | 1 Jhead Project | 1 Jhead | 2024-11-21 | 7.5 High |
| A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c. | ||||
| CVE-2021-28213 | 1 Tianocore | 1 Edk2 | 2024-11-21 | 7.5 High |
| Example EDK2 encrypted private key in the IpSecDxe.efi presents potential security risks. | ||||
| CVE-2021-28156 | 1 Hashicorp | 1 Consul | 2024-11-21 | 7.5 High |
| HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10. | ||||
| CVE-2021-28155 | 1 Jbl | 2 Tune500bt, Tune500bt Firmware | 2024-11-21 | 6.5 Medium |
| The Bluetooth Classic implementation on JBL TUNE500BT devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shut down a device by flooding the target device with LMP Feature Response data. | ||||
| CVE-2021-28139 | 1 Espressif | 2 Esp-idf, Esp32 | 2024-11-21 | 8.8 High |
| The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload. | ||||
| CVE-2021-28134 | 1 Clipper Project | 1 Clipper | 2024-11-21 | 9.8 Critical |
| Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API. | ||||
| CVE-2021-28121 | 1 Virtual Robots.txt Project | 1 Virtual Robots.txt | 2024-11-21 | 9.8 Critical |
| Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt field. | ||||
| CVE-2021-28119 | 1 Twinkletray | 1 Twinkle Tray | 2024-11-21 | 9.8 Critical |
| Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API. | ||||
| CVE-2021-28117 | 1 Kde | 1 Discover | 2024-11-21 | 7.5 High |
| libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.) | ||||
| CVE-2021-28100 | 1 Netflix | 1 Priam | 2024-11-21 | 5.5 Medium |
| Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process. | ||||
| CVE-2021-28075 | 1 Ikuai8 | 1 Ikuaios | 2024-11-21 | 7.5 High |
| iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information. | ||||
| CVE-2021-28037 | 1 Internment Project | 1 Internment | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can cause memory corruption because of the unconditional implementation of Sync for Intern<T>. | ||||
| CVE-2021-27983 | 1 Max-3000 | 1 Maxsite Cms | 2024-11-21 | 9.8 Critical |
| Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page. | ||||
| CVE-2021-27962 | 1 Grafana | 1 Grafana | 2024-11-21 | 7.1 High |
| Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access. | ||||
| CVE-2021-27942 | 1 Vizio | 4 E50x-e1, E50x-e1 Firmware, P65-f1 and 1 more | 2024-11-21 | 6.8 Medium |
| Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a threat actor to execute arbitrary code from a USB drive via the Smart Cast functionality, because files on the USB drive are effectively under the web root and can be executed. | ||||