Export limit exceeded: 18085 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18085 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38636 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 5.5 Medium |
| Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | ||||
| CVE-2021-38635 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 5.5 Medium |
| Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | ||||
| CVE-2021-38634 | 1 Microsoft | 12 Windows 10, Windows 10 1507, Windows 10 1607 and 9 more | 2024-11-21 | 7.1 High |
| Microsoft Windows Update Client Elevation of Privilege Vulnerability | ||||
| CVE-2021-38633 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7.8 High |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||||
| CVE-2021-38632 | 1 Microsoft | 11 Windows 10, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-21 | 5.7 Medium |
| BitLocker Security Feature Bypass Vulnerability | ||||
| CVE-2021-38631 | 1 Microsoft | 22 Windows 10, Windows 10 1507, Windows 10 1607 and 19 more | 2024-11-21 | 4.4 Medium |
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | ||||
| CVE-2021-38630 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2024-11-21 | 7.8 High |
| Windows Event Tracing Elevation of Privilege Vulnerability | ||||
| CVE-2021-38629 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 6.5 Medium |
| Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability | ||||
| CVE-2021-38628 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7.8 High |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ||||
| CVE-2021-38626 | 1 Microsoft | 2 Windows Server 2008, Windows Server 2008 Sp2 | 2024-11-21 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2021-38625 | 1 Microsoft | 2 Windows Server 2008, Windows Server 2008 Sp2 | 2024-11-21 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2021-38624 | 1 Microsoft | 11 Windows 10, Windows 10 1809, Windows 10 1909 and 8 more | 2024-11-21 | 6.5 Medium |
| Windows Key Storage Provider Security Feature Bypass Vulnerability | ||||
| CVE-2021-38571 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 7.8 High |
| An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows DLL hijacking, aka CNVD-C-2021-68000 and CNVD-C-2021-68502. | ||||
| CVE-2021-38505 | 2 Microsoft, Mozilla | 4 Windows 10, Firefox, Firefox Esr and 1 more | 2024-11-21 | 6.5 Medium |
| Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | ||||
| CVE-2021-38492 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | 6.5 Medium |
| When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1. | ||||
| CVE-2021-38088 | 2 Acronis, Microsoft | 2 Cyber Protect, Windows | 2024-11-21 | 7.8 High |
| Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking. | ||||
| CVE-2021-38086 | 2 Acronis, Microsoft | 2 Cyber Protect, Windows | 2024-11-21 | 7.8 High |
| Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking. | ||||
| CVE-2021-37980 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2024-11-21 | 7.4 High |
| Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. | ||||
| CVE-2021-37969 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2024-11-21 | 7.8 High |
| Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. | ||||
| CVE-2021-37713 | 4 Microsoft, Npmjs, Oracle and 1 more | 4 Windows, Tar, Graalvm and 1 more | 2024-11-21 | 8.2 High |
| The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of entries within the archive, skipping archive entries that contain `..` path portions, and resolving the sanitized paths against the extraction target directory. This logic was insufficient on Windows systems when extracting tar files that contained a path that was not an absolute path, but specified a drive letter different from the extraction target, such as `C:some\path`. If the drive letter does not match the extraction target, for example `D:\extraction\dir`, then the result of `path.resolve(extractionDirectory, entryPath)` would resolve against the current working directory on the `C:` drive, rather than the extraction target directory. Additionally, a `..` portion of the path could occur immediately after the drive letter, such as `C:../foo`, and was not properly sanitized by the logic that checked for `..` within the normalized and split portions of the path. This only affects users of `node-tar` on Windows systems. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. There is no reasonable way to work around this issue without performing the same path normalization procedures that node-tar now does. Users are encouraged to upgrade to the latest patched versions of node-tar, rather than attempt to sanitize paths themselves. | ||||