Total
32325 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28315 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Media Video Decoder Remote Code Execution Vulnerability | |||||
| CVE-2021-28314 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Hyper-V Elevation of Privilege Vulnerability | |||||
| CVE-2021-28312 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| Windows NTFS Denial of Service Vulnerability | |||||
| CVE-2021-28311 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Windows Application Compatibility Cache Denial of Service Vulnerability | |||||
| CVE-2021-28309 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Windows Kernel Information Disclosure Vulnerability | |||||
| CVE-2021-28276 | 1 Jhead Project | 1 Jhead | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c. | |||||
| CVE-2021-28213 | 1 Tianocore | 1 Edk2 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. | |||||
| CVE-2021-28156 | 1 Hashicorp | 1 Consul | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10. | |||||
| CVE-2021-28155 | 1 Jbl | 2 Tune500bt, Tune500bt Firmware | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
| The Bluetooth Classic implementation on JBL TUNE500BT devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shutdown a device by flooding the target device with LMP Feature Response data. | |||||
| CVE-2021-28139 | 1 Espressif | 2 Esp-idf, Esp32 | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload. | |||||
| CVE-2021-28134 | 1 Clipper Project | 1 Clipper | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API. | |||||
| CVE-2021-28121 | 1 Virtual Robots.txt Project | 1 Virtual Robots.txt | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt field. | |||||
| CVE-2021-28119 | 1 Twinkletray | 1 Twinkle Tray | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API. | |||||
| CVE-2021-28117 | 1 Kde | 1 Discover | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.) | |||||
| CVE-2021-28100 | 1 Netflix | 1 Priam | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process. | |||||
| CVE-2021-28075 | 1 Ikuai8 | 1 Ikuaios | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information. | |||||
| CVE-2021-28037 | 1 Internment Project | 1 Internment | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can cause memory corruption because of the unconditional implementation of Sync for Intern<T>. | |||||
| CVE-2021-27983 | 1 Max-3000 | 1 Maxsite Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page. | |||||
| CVE-2021-27962 | 1 Grafana | 1 Grafana | 2024-11-21 | 4.9 MEDIUM | 7.1 HIGH |
| Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access. | |||||
| CVE-2021-27942 | 1 Vizio | 4 E50x-e1, E50x-e1 Firmware, P65-f1 and 1 more | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a threat actor to execute arbitrary code from a USB drive via the Smart Cast functionality, because files on the USB drive are effectively under the web root and can be executed. | |||||