CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 43/121 • 14516 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14516 CVEs for this tag (all time). In the last 365 days, 1677 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2022-02-06
High

CVE-2007-20001

A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operation(s) to exhaust the StarWind service socket, which could lead to denial of service. This affects i…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2022-02-04
High

CVE-2022-24113

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows…

CVSS: 7.8 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
High

CVE-2022-23611

iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize image file paths leading to OS level command injecti…

CVSS: 8.1 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2022-23609

iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize user input used to remove files leading to file dele…

CVSS: 8.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2021-44206

Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Ac…

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2021-44205

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) b…

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2021-44204

Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) be…

CVSS: 7.8 CWE: CWE-285 - Improper Authorization View on NVD
Medium

CVE-2021-29218

A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited…

CVSS: 6.7 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
2022-02-01
Medium

CVE-2022-23774

Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files.

CVSS: 5.3 CWE: N/A View on NVD
2022-01-31
High

CVE-2021-46101

In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly.

CVSS: 7.5 CWE: N/A View on NVD
2022-01-28
Medium

CVE-2022-22938

VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueTy…

CVSS: 6.5 CWE: N/A View on NVD
2022-01-26
High

CVE-2021-45975

In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack. This vulnerability…

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
2022-01-25
Medium

CVE-2022-23032

In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebin…

CVSS: 5.3 CWE: CWE-346 - Origin Validation Error View on NVD
2022-01-20
Medium

CVE-2022-22820

Due to the lack of media file checks before rendering, it was possible for an attacker to cause abnormal CPU consumption for message recipient by sending specially crafted gif image in LINE for Windo…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
2022-01-19
Low

CVE-2022-21295

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.32. Easily exploitable vulnerability allows low pr…

CVSS: 3.8 CWE: N/A View on NVD
High

CVE-2021-31854

A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed i…

CVSS: 7.7 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Medium

CVE-2021-31821

When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux D…

CVSS: 5.5 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
2022-01-14
Medium

CVE-2021-39032

IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 213962.

CVSS: 5.5 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
2022-01-12
Medium

CVE-2022-0014

An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to stor…

CVSS: 6.7 CWE: CWE-426 - Untrusted Search Path View on NVD
Medium

CVE-2022-0012

An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impa…

CVSS: 6.1 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2022-01-11
Medium

CVE-2022-21963

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2022-21962

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2022-21961

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2022-21960

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2022-21959

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2022-21958

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2022-21928

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

CVSS: 6.3 CWE: N/A View on NVD
Medium

CVE-2022-21925

Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2022-21921

Windows Defender Credential Guard Security Feature Bypass Vulnerability

CVSS: 4.4 CWE: N/A View on NVD
High

CVE-2022-21920

Windows Kerberos Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-21919

Windows User Profile Service Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2022-21916

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2022-21915

Windows GDI+ Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-21914

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-21908

Windows Installer Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2022-21906

Windows Defender Application Control Security Feature Bypass Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-21905

Windows Hyper-V Security Feature Bypass Vulnerability

CVSS: 4.6 CWE: N/A View on NVD
High

CVE-2022-21904

Windows GDI Information Disclosure Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2022-21903

Windows GDI Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21902

Windows DWM Core Library Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Critical

CVE-2022-21901

Windows Hyper-V Elevation of Privilege Vulnerability

CVSS: 9.0 CWE: N/A View on NVD
Medium

CVE-2022-21900

Windows Hyper-V Security Feature Bypass Vulnerability

CVSS: 4.6 CWE: N/A View on NVD
Medium

CVE-2022-21899

Windows Extensible Firmware Interface Security Feature Bypass Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2022-21897

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-21896

Windows DWM Core Library Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2022-21895

Windows User Profile Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2022-21892

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2022-21890

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2022-21889

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2022-21888

Windows Modern Execution Server Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-21885

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-21883

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2022-21881

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2022-21880

Windows GDI+ Information Disclosure Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2022-21879

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2022-21878

Windows Geolocation Service Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-21875

Windows Storage Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21874

Windows Security Center API Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-21872

Windows Event Tracing Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21870

Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21868

Windows Devices Human Interface Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21867

Windows Push Notifications Apps Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21866

Windows System Launcher Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21864

Windows UI Immersive Server API Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21863

Windows StateRepository API Server file Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21862

Windows Application Model Core API Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21860

Windows AppContracts API Server Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21859

Windows Accounts Control Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2022-21858

Windows Bind Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-21852

Windows DWM Core Library Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2022-21849

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2022-21848

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2022-21847

Windows Hyper-V Denial of Service Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-21843

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2022-21839

Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability

CVSS: 6.1 CWE: N/A View on NVD
Medium

CVE-2022-21838

Windows Cleanup Manager Elevation of Privilege Vulnerability

CVSS: 5.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2022-21836

Windows Certificate Spoofing Vulnerability

CVSS: 7.8 CWE: CWE-295 - Improper Certificate Validation View on NVD
High

CVE-2022-21834

Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
2022-01-03
Medium

CVE-2021-20148

ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configure…

CVSS: 4.3 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
Medium

CVE-2021-20147

ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determin…

CVSS: 5.3 CWE: CWE-203 - Observable Discrepancy View on NVD
2021-12-23
Medium

CVE-2021-3622

A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function…

CVSS: 4.3 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2018-4302

A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing malic…

CVSS: 7.8 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Critical

CVE-2021-44548

An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to anoth…

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
2021-12-22
High

CVE-2021-21912

A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the syste…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2021-21911

A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the syste…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2021-21910

A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the syste…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Critical

CVE-2021-45459

lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter.

CVSS: 9.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2021-12-20
High

CVE-2021-42138

A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine.

CVSS: 7.2 CWE: CWE-331 - Insufficient Entropy View on NVD
Medium

CVE-2021-44554

Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI. By accessing the vector, an attacker can determine if a use…

CVSS: 5.3 CWE: CWE-203 - Observable Discrepancy View on NVD
2021-12-16
High

CVE-2021-45100

The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CA…

CVSS: 7.5 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
2021-12-15
High

CVE-2021-43893

Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability

CVSS: 7.5 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
High

CVE-2021-43890

We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially…

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2021-43883

Windows Installer Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2021-43880

Windows Mobile Device Management Elevation of Privilege Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-43248

Windows Digital Media Receiver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-43247

Windows TCP/IP Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2021-43246

Windows Hyper-V Denial of Service Vulnerability

CVSS: 5.6 CWE: N/A View on NVD
High

CVE-2021-43245

Windows Digital TV Tuner Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2021-43244

Windows Kernel Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2021-43239

Windows Recovery Environment Agent Elevation of Privilege Vulnerability

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2021-43238

Windows Remote Access Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2021-43237

Windows Setup Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2021-43234

Windows Fax Service Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-43232

Windows Event Tracing Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-43231

Windows NTFS Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-43230

Windows NTFS Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-43229

Windows NTFS Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-43226

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2021-43224

Windows Common Log File System Driver Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-43223

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-43217

Windows Encrypting File System (EFS) Remote Code Execution Vulnerability

CVSS: 8.1 CWE: N/A View on NVD
High

CVE-2021-43207

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-41333

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-40441

Windows Media Center Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-43326

Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2021-43325

Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression.

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2021-40827

Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) is vulnerable to a Read Access Violation on Block Data Move, affecting the MP3 file parsing functionality at memcpy+0x265. The vu…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2021-40826

Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. The vulnerability is triggered when the…

CVSS: 7.8 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2021-12-14
Medium

CVE-2021-34426

A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command-line. In versions prior to 5.6.0, a mali…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2021-34425

The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. In ver…

CVSS: 4.7 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD