Search Results (8097 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-24084 | 1 Microsoft | 9 Windows 10, Windows 10 1809, Windows 10 1909 and 6 more | 2024-11-21 | 5.5 Medium |
| Windows Mobile Device Management Information Disclosure Vulnerability | ||||
| CVE-2021-24066 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 8.8 High |
| Microsoft SharePoint Remote Code Execution Vulnerability | ||||
| CVE-2021-24040 | 1 Facebook | 1 Parlai | 2024-11-21 | 9.8 Critical |
| Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0. | ||||
| CVE-2021-24027 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2024-11-21 | 7.5 High |
| A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material. | ||||
| CVE-2021-24024 | 1 Fortinet | 2 Fortiadc, Fortiadc Manager | 2024-11-21 | 4.3 Medium |
| A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users' passwords in log files. | ||||
| CVE-2021-23924 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files. | ||||
| CVE-2021-23895 | 1 Mcafee | 1 Database Security | 2024-11-21 | 9 Critical |
| Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server. | ||||
| CVE-2021-23894 | 1 Mcafee | 1 Database Security | 2024-11-21 | 9.6 Critical |
| Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server. | ||||
| CVE-2021-23873 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 7.8 High |
| Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating certain files, at a specific time. | ||||
| CVE-2021-23872 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 7.8 High |
| Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOCTL interface. | ||||
| CVE-2021-23772 | 2 Golang, Iris-go | 2 Go, Iris | 2024-11-21 | 7.5 High |
| This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder. | ||||
| CVE-2021-23758 | 1 Ajaxpro.2 Project | 1 Ajaxpro.2 | 2024-11-21 | 8.1 High |
| All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution. | ||||
| CVE-2021-23592 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | 7.7 High |
| The package topthink/framework before 6.0.12 is vulnerable to Deserialization of Untrusted Data due to an insecure unserialize method in the Driver class. | ||||
| CVE-2021-23555 | 2 Redhat, Vm2 Project | 2 Acm, Vm2 | 2024-11-21 | 9.8 Critical |
| The package vm2 before 3.9.6 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of stack traces, which can lead to execution of arbitrary code on the host machine. | ||||
| CVE-2021-23521 | 1 Juce | 1 Juce | 2024-11-21 | 5.5 Medium |
| This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. When extracted, the symbolic link is followed outside of the target dir allowing writing arbitrary files on the target host. In some cases, this can allow an attacker to execute arbitrary code. The vulnerable code is in the ZipFile::uncompressEntry function in juce_ZipFile.cpp and is executed when the archive is extracted upon calling uncompressTo() on a ZipFile object. | ||||
| CVE-2021-23420 | 1 Codeception | 1 Codeception | 2024-11-21 | 7.7 High |
| This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation. | ||||
| CVE-2021-23338 | 1 Microsoft | 1 Qlib | 2024-11-21 | 6.6 Medium |
| This affects all versions of package qlib. The workflow function in the CLI part of qlib was using an unsafe YAML load function. | ||||
| CVE-2021-23240 | 4 Fedoraproject, Netapp, Redhat and 1 more | 5 Fedora, Hci Management Node, Solidfire and 2 more | 2024-11-21 | 7.8 High |
| selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable. | ||||
| CVE-2021-23239 | 5 Debian, Fedoraproject, Netapp and 2 more | 7 Debian Linux, Fedora, Cloud Backup and 4 more | 2024-11-21 | 2.5 Low |
| The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. | ||||
| CVE-2021-23222 | 2 Postgresql, Redhat | 3 Postgresql, Enterprise Linux, Rhel Software Collections | 2024-11-21 | 5.9 Medium |
| A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. | ||||