Export limit exceeded: 80735 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80735 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-28455 | 1 Microsoft | 23 365 Apps, Access, Office and 20 more | 2024-11-21 | 8.8 High |
| Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability | ||||
| CVE-2021-28454 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2024-11-21 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2021-28453 | 1 Microsoft | 8 365 Apps, Excel, Office and 5 more | 2024-11-21 | 7.8 High |
| Microsoft Word Remote Code Execution Vulnerability | ||||
| CVE-2021-28452 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2024-11-21 | 7.1 High |
| Microsoft Outlook Memory Corruption Vulnerability | ||||
| CVE-2021-28451 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2024-11-21 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2021-28449 | 1 Microsoft | 3 365 Apps, Excel, Office | 2024-11-21 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2021-28448 | 1 Microsoft | 2 Kubernetes Tools, Visual Studio Code Kubernetes Tools | 2024-11-21 | 7.8 High |
| Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability | ||||
| CVE-2021-28445 | 1 Microsoft | 18 Windows 10, Windows 10 1607, Windows 10 1809 and 15 more | 2024-11-21 | 8.1 High |
| Windows Network File System Remote Code Execution Vulnerability | ||||
| CVE-2021-28440 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7 High |
| Windows Installer Elevation of Privilege Vulnerability | ||||
| CVE-2021-28439 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7.5 High |
| Windows TCP/IP Driver Denial of Service Vulnerability | ||||
| CVE-2021-28436 | 1 Microsoft | 12 Windows 10, Windows 10 1507, Windows 10 1607 and 9 more | 2024-11-21 | 7.8 High |
| Windows Speech Runtime Elevation of Privilege Vulnerability | ||||
| CVE-2021-28434 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 8.8 High |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | ||||
| CVE-2021-28427 | 1 Xnview | 1 Xnview | 2024-11-21 | 7.8 High |
| Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file. | ||||
| CVE-2021-28419 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 7.2 High |
| The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases. | ||||
| CVE-2021-28398 | 1 Osgeo | 1 Geonetwork | 2024-11-21 | 7.2 High |
| A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScript method in harvesters/src/main/java/org/fao/geonet/kernel/harvest/harvester/localfilesystem/LocalFilesystemHarvester.java. The earliest affected version is 3.4.0. | ||||
| CVE-2021-28379 | 2 Myvestacp, Vestacp | 2 Myvesta, Vesta Control Panel | 2024-11-21 | 8.8 High |
| web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin. | ||||
| CVE-2021-28375 | 3 Fedoraproject, Linux, Netapp | 4 Fedora, Linux Kernel, Cloud Backup and 1 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. | ||||
| CVE-2021-28374 | 1 Debian | 2 Courier-authlib, Debian Linux | 2024-11-21 | 7.5 High |
| The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's existence, uid and gids, home and/or Maildir directory, quota, and some type of password information (such as a hash). | ||||
| CVE-2021-28373 | 1 Tt-rss | 1 Tiny Tiny Rss | 2024-11-21 | 7.5 High |
| The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in production. Semantic version numbers such as 21.03 appear to exist, but are automatically generated from the year and month. They are not releases. | ||||
| CVE-2021-28372 | 1 Throughtek | 1 Kalay P2p Software Development Kit | 2024-11-21 | 8.3 High |
| ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek (TUTK) device given a valid 20-byte uniquely assigned identifier (UID). This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials needed to access the victim TUTK device. | ||||