Search Results (80716 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-28314 | 1 Microsoft | 9 Windows 10, Windows 10 1809, Windows 10 1909 and 6 more | 2024-11-21 | 7.8 High |
| Windows Hyper-V Elevation of Privilege Vulnerability | ||||
| CVE-2021-28313 | 1 Microsoft | 13 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 10 more | 2024-11-21 | 7.8 High |
| Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | ||||
| CVE-2021-28307 | 1 Fltk Project | 1 Fltk | 2024-11-21 | 7.5 High |
| An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a non-raster image for a window icon. | ||||
| CVE-2021-28306 | 1 Fltk Project | 1 Fltk | 2024-11-21 | 7.5 High |
| An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a multi label type if the image is nonexistent. | ||||
| CVE-2021-28302 | 1 Pupnp Project | 1 Pupnp | 2024-11-21 | 7.5 High |
| A stack overflow in pupnp before version 1.14.5 can cause a denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash. | ||||
| CVE-2021-28295 | 1 Online Ordering System Project | 1 Online Ordering System | 2024-11-21 | 7.5 High |
| Online Ordering System 1.0 is vulnerable to unauthenticated SQL injection through /onlineordering/GPST/admin/design.php, which may lead to database information disclosure. | ||||
| CVE-2021-28278 | 1 Jhead Project | 1 Jhead | 2024-11-21 | 7.8 High |
| A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c. | ||||
| CVE-2021-28277 | 1 Jhead Project | 1 Jhead | 2024-11-21 | 7.8 High |
| A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveUnknownSections function in jpgfile.c. | ||||
| CVE-2021-28276 | 1 Jhead Project | 1 Jhead | 2024-11-21 | 7.5 High |
| A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c. | ||||
| CVE-2021-28271 | 1 Soyal | 3 701clientsql, 701server, 701serversql | 2024-11-21 | 8.8 High |
| Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary of their choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for the 'Everyone' and 'Authenticated Users' groups. | ||||
| CVE-2021-28269 | 1 Soyal | 1 701client | 2024-11-21 | 8.8 High |
| Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions. | ||||
| CVE-2021-28250 | 1 Ca | 1 Ehealth Performance Manager | 2024-11-21 | 7.8 High |
| CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2021-28249 | 1 Ca | 1 Ehealth Performance Manager | 2024-11-21 | 8.8 High |
| CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is run. The code in the library will be executed as the root user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2021-28248 | 1 Broadcom | 1 Ehealth | 2024-11-21 | 7.5 High |
| CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. An attacker is able to perform an arbitrary number of /web/frames/ authentication attempts using different passwords, and eventually gain access to a targeted account. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2021-28246 | 1 Broadcom | 2 Ca Ehealth Performance Manager, Ehealth | 2024-11-21 | 7.8 High |
| CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2021-28245 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 7.5 High |
| PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account. | ||||
| CVE-2021-28242 | 1 B2evolution | 1 B2evolution | 2024-11-21 | 8.8 High |
| SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab. | ||||
| CVE-2021-28236 | 1 Gnu | 1 Libredwg | 2024-11-21 | 7.5 High |
| LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c. | ||||
| CVE-2021-28233 | 1 Ok-file-formats Project | 1 Ok-file-formats | 2024-11-21 | 8.8 High |
| Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 via the ok_jpg_generate_huffman_table function in ok_jpg.c. | ||||
| CVE-2021-28213 | 1 Tianocore | 1 Edk2 | 2024-11-21 | 7.5 High |
| An example EDK2 encrypted private key in IpSecDxe.efi presents potential security risks. | ||||