Search Results (363165 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-38635 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 5.5 Medium
Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
CVE-2021-38634 1 Microsoft 12 Windows 10, Windows 10 1507, Windows 10 1607 and 9 more 2024-11-21 7.1 High
Microsoft Windows Update Client Elevation of Privilege Vulnerability
CVE-2021-38633 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 7.8 High
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2021-38632 1 Microsoft 11 Windows 10, Windows 10 1607, Windows 10 1809 and 8 more 2024-11-21 5.7 Medium
BitLocker Security Feature Bypass Vulnerability
CVE-2021-38631 1 Microsoft 22 Windows 10, Windows 10 1507, Windows 10 1607 and 19 more 2024-11-21 4.4 Medium
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2021-38630 1 Microsoft 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more 2024-11-21 7.8 High
Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-38629 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 6.5 Medium
Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability
CVE-2021-38628 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 7.8 High
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2021-38626 1 Microsoft 2 Windows Server 2008, Windows Server 2008 Sp2 2024-11-21 7.8 High
Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-38625 1 Microsoft 2 Windows Server 2008, Windows Server 2008 Sp2 2024-11-21 7.8 High
Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-38624 1 Microsoft 11 Windows 10, Windows 10 1809, Windows 10 1909 and 8 more 2024-11-21 6.5 Medium
Windows Key Storage Provider Security Feature Bypass Vulnerability
CVE-2021-38623 1 Deferred Image Processing Project 1 Deferred Image Processing 2024-11-21 7.5 High
The deferred_image_processing (aka Deferred image processing) extension before 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption.
CVE-2021-38621 1 Netless 1 Flat Server 2024-11-21 9.1 Critical
The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index.ts in netless Agora Flat Server before 2021-07-30 mishandles file ownership.
CVE-2021-38619 1 Openbaraza 1 Openbaraza Human Capital Management 2024-11-21 6.1 Medium
openBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an unauthenticated remote attacker can conduct a stored cross-site scripting (XSS) attack against an administrative user from hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view=).
CVE-2021-38614 1 Polipo Project 1 Polipo 2024-11-21 7.5 High
Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer overflow during parsing of a Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-38613 1 Nascent 1 Remkon Device Manager 2024-11-21 9.8 Critical
The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution.
CVE-2021-38612 1 Nascent 1 Remkon Device Manager 2024-11-21 7.5 High
In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulnerability in a log-reading function in maintenance/readLog.php allows an attacker to read any file via a specialized URL.
CVE-2021-38611 1 Nascent 1 Remkon Device Manager 2024-11-21 9.8 Critical
A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php.
CVE-2021-38608 1 Tranquil 1 Wapt 2024-11-21 7.8 High
Incorrect Access Control in Tranquil WAPT Enterprise - before 1.8.2.7373 and before 2.0.0.9450 allows guest OS users to escalate privileges via WAPT Agent.
CVE-2021-38607 1 Crocoblock 1 Jetengine 2024-11-21 5.4 Medium
Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input.