31 matches found
CVE-2026-21238
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-21238
creationtimestamp| type| source ---|---|--- 2026-02-10 17:30:28+00:00| seen| https://www.thezdi.com/blog/2026/2/10/the-february-2026-security-update-review 2026-02-10 18:01:45+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0053...
Linux Distros Unpatched Vulnerability : CVE-2021-21238
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2024-21238
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Thread Pooling. Supported versions that are affected are 8.0.39 and prior, 8.4.1 an...
CVE-2023-21238
In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2020-21238
An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks...
CVE-2018-21238
An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows memory consumption via an ArrayBuffer0xfffffffe call...
SUSE CVE-2024-21238
unknown...
Azure Linux 3.0 Security Update: mysql (CVE-2024-21238)
The version of mysql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21238 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Thread Pooling. Supported versio...
CVE-2025-21238
CVE-2025-21238 affects the Windows Telephony Service and is a remote code execution vulnerability. The initial data lists CVSS 3.1 with NETWORK attack vector, LOW attack complexity, no privileges required, and user interaction required; impact is high on confidentiality, integrity, and availabili...
CVE-2025-21238 Windows Telephony Service Remote Code Execution Vulnerability
...
CVE-2024-21238 affecting package mysql for versions less than 8.0.40-1
CVE-2024-21238 affecting package mysql for versions less than 8.0.40-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-21238 affecting package mysql for versions less than 8.0.40-1
CVE-2024-21238 affecting package mysql for versions less than 8.0.40-1. An upgraded version of the package is available that resolves this issue...
CBL Mariner 2.0 Security Update: mysql (CVE-2024-21238)
The version of mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21238 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Thread Pooling. Supported versio...
CVE-2024-21238
...
CVE-2023-21238
creationtimestamp| type| source ---|---|--- 2023-07-13 07:45:16+00:00| seen| https://t.me/cibsecurity/66619...
CVE-2023-21238
In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21238
CVE-2023-21238 affects Google's Android framework: in RemoteViews.visitUris, a confused-deputy flaw can leak images between users, causing local information disclosure without extra privileges or user interaction. The issue is documented in the 2023-07-01 Android Security Bulletin (Framework sect...
CVE-2022-21238
A cross-site scripting xss vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-21238
The CVE-2022-21238 issue affects InHand Networks InRouter302 (V3.5.4). TALOS reports describe a cross-site scripting (XSS) vulnerability in the web server’s info.jsp endpoint, where input is injected via the _resmsg parameter and evaluated, allowing arbitrary Javascript execution when accessed by...