Total
34251 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-24074 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 9.8 Critical |
| Windows TCP/IP Remote Code Execution Vulnerability | ||||
| CVE-2021-24073 | 1 Microsoft | 2 Lync Server, Skype For Business Server | 2024-11-21 | 6.5 Medium |
| Skype for Business and Lync Spoofing Vulnerability | ||||
| CVE-2021-24072 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 8.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2021-24071 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 5.3 Medium |
| Microsoft SharePoint Information Disclosure Vulnerability | ||||
| CVE-2021-24069 | 1 Microsoft | 6 365 Apps, Excel, Office and 3 more | 2024-11-21 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2021-24068 | 1 Microsoft | 3 Excel, Office Web Apps, Office Web Apps Server | 2024-11-21 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2021-24027 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2024-11-21 | 7.5 High |
| A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material. | ||||
| CVE-2021-24011 | 1 Fortinet | 1 Fortinac | 2024-11-21 | 6.3 Medium |
| A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges. | ||||
| CVE-2021-23974 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.1 Medium |
| The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86. | ||||
| CVE-2021-23972 | 1 Mozilla | 1 Firefox | 2024-11-21 | 8.8 High |
| One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86. | ||||
| CVE-2021-23971 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.5 Medium |
| When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86. | ||||
| CVE-2021-23969 | 3 Debian, Mozilla, Redhat | 6 Debian Linux, Firefox, Firefox Esr and 3 more | 2024-11-21 | 4.3 Medium |
| As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. | ||||
| CVE-2021-23962 | 1 Mozilla | 1 Firefox | 2024-11-21 | 8.8 High |
| Incorrect use of the '<RowCountChanged>' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85. | ||||
| CVE-2021-23961 | 3 Debian, Mozilla, Redhat | 4 Debian Linux, Firefox, Enterprise Linux and 1 more | 2024-11-21 | 7.4 High |
| Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85. | ||||
| CVE-2021-23960 | 2 Mozilla, Redhat | 5 Firefox, Firefox Esr, Thunderbird and 2 more | 2024-11-21 | 8.8 High |
| Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | ||||
| CVE-2021-23957 | 1 Mozilla | 1 Firefox | 2024-11-21 | 7.4 High |
| Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85. | ||||
| CVE-2021-23956 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.5 Medium |
| An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85. | ||||
| CVE-2021-23953 | 2 Mozilla, Redhat | 5 Firefox, Firefox Esr, Thunderbird and 2 more | 2024-11-21 | 4.3 Medium |
| If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | ||||
| CVE-2021-23907 | 1 Mercedes-benz | 8 A 220, A 220 4matic, E 350 and 5 more | 2024-11-21 | 2.9 Low |
| An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQnet Protocol, leading to remote code execution. | ||||
| CVE-2021-23900 | 1 Owasp | 1 Json-sanitizer | 2024-11-21 | 7.5 High |
| OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations. | ||||