Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
8368 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26626 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2024-11-21 | 8.1 High |
| Improper input validation vulnerability in XPLATFORM's execBrowser method can cause execute arbitrary commands. IF the second parameter value of the execBrowser function is ‘default’, the first parameter value could be passed to the ShellExecuteW API. The passed parameter is an arbitrary code to be executed. Remote attackers can use this vulnerability to execute arbitrary remote code. | ||||
| CVE-2021-26625 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-11-21 | 8.8 High |
| Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform. This vulnerability is caused by an automatic update function that does not verify input data except version information. Remote attackers can use this incomplete validation logic to download and execute arbitrary malicious file. | ||||
| CVE-2021-26623 | 2 Bandisoft, Microsoft | 2 Bandizip, Windows | 2024-11-21 | 7.8 High |
| A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function. | ||||
| CVE-2021-26622 | 2 Genians, Microsoft | 2 Genian Nac, Windows | 2024-11-21 | 9.6 Critical |
| An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability. | ||||
| CVE-2021-26619 | 2 Bigfile, Microsoft | 2 Bigfileagent, Windows | 2024-11-21 | 7.1 High |
| An path traversal vulnerability leading to delete arbitrary files was discovered in BigFileAgent. Remote attackers can use this vulnerability to delete arbitrary files of unspecified number of users. | ||||
| CVE-2021-26618 | 2 Microsoft, Tmax | 2 Windows, Tooffice | 2024-11-21 | 7.1 High |
| An improper input validation leading to arbitrary file creation was discovered in ToWord of ToOffice. Remote attackers use this vulnerability to execute arbitrary file included malicious code. | ||||
| CVE-2021-26617 | 2 Firstmall, Microsoft | 2 Firstmall, Windows | 2024-11-21 | 8.1 High |
| This issues due to insufficient verification of the various input values from user’s input. The vulnerability allows remote attackers to execute malicious code in Firstmall via navercheckout_add function. | ||||
| CVE-2021-26613 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-11-21 | 8.1 High |
| improper input validation vulnerability in nexacro permits copying file to the startup folder using rename method. | ||||
| CVE-2021-26612 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-11-21 | 8.1 High |
| An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Remote attackers use copy method to execute arbitrary command after the file creation included malicious code. | ||||
| CVE-2021-26610 | 2 Microsoft, Nhn-commerce | 2 Windows, Godomall5 | 2024-11-21 | 7.2 High |
| The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code. | ||||
| CVE-2021-26608 | 2 Handysoft, Microsoft | 2 Hshell, Windows | 2024-11-21 | 8.8 High |
| An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash. | ||||
| CVE-2021-26607 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-11-21 | 8.1 High |
| An Improper input validation in execDefaultBrowser method of NEXACRO17 allows a remote attacker to execute arbitrary command on affected systems. | ||||
| CVE-2021-26606 | 2 Dreamsecurity, Microsoft | 2 Magicline4nx.exe, Windows | 2024-11-21 | 9.8 Critical |
| A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system. | ||||
| CVE-2021-26605 | 2 Microsoft, Unidocs | 2 Windows, Ezpdfreader | 2024-11-21 | 7.5 High |
| An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication. | ||||
| CVE-2021-26603 | 2 Bandisoft, Microsoft | 2 Ark Library, Windows | 2024-11-21 | 8.6 High |
| A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check. | ||||
| CVE-2021-26582 | 3 Hp, Microsoft, Redhat | 4 Hp-ux, Icewall Sso Dgfw, Windows and 1 more | 2024-11-21 | 6.1 Medium |
| A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS). | ||||
| CVE-2021-26472 | 2 Microsoft, Vembu | 3 Windows, Bdr Suite, Offsite Dr | 2024-11-21 | 10 Critical |
| In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges. | ||||
| CVE-2021-26334 | 3 Amd, Linux, Microsoft | 3 Amd Uprof, Linux Kernel, Windows | 2024-11-21 | 9.9 Critical |
| The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user. | ||||
| CVE-2021-25265 | 2 Microsoft, Sophos | 2 Windows, Connect | 2024-11-21 | 8.8 High |
| A malicious website could execute code remotely in Sophos Connect Client before version 2.1. | ||||
| CVE-2021-25261 | 2 Microsoft, Yandex | 2 Windows, Yandex Browser | 2024-11-21 | 7.8 High |
| Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process. | ||||