Total
1509 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38295 | 1 Apache | 1 Couchdb | 2021-10-20 | 6.0 MEDIUM | 7.3 HIGH |
| In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2 | |||||
| CVE-2021-41357 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2016 and 1 more | 2021-10-19 | 4.6 MEDIUM | 7.8 HIGH |
| Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40449, CVE-2021-40450. | |||||
| CVE-2021-41348 | 1 Microsoft | 1 Exchange Server | 2021-10-19 | 5.2 MEDIUM | 8.0 HIGH |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||
| CVE-2021-41347 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2021-10-19 | 4.6 MEDIUM | 7.8 HIGH |
| Windows AppX Deployment Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-41345 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2021-10-19 | 7.2 HIGH | 7.8 HIGH |
| Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-40489. | |||||
| CVE-2021-41339 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2016 and 1 more | 2021-10-19 | 4.6 MEDIUM | 7.8 HIGH |
| Microsoft DWM Core Library Elevation of Privilege Vulnerability | |||||
| CVE-2021-41335 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-10-19 | 7.2 HIGH | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2021-41334 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2016 and 1 more | 2021-10-19 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Desktop Bridge Elevation of Privilege Vulnerability | |||||
| CVE-2021-40489 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2021-10-19 | 7.2 HIGH | 7.8 HIGH |
| Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-41345. | |||||
| CVE-2021-40488 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2021-10-19 | 7.2 HIGH | 7.8 HIGH |
| Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40489, CVE-2021-41345. | |||||
| CVE-2021-40478 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2021-10-19 | 7.2 HIGH | 7.8 HIGH |
| Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40488, CVE-2021-40489, CVE-2021-41345. | |||||
| CVE-2021-40477 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2021-10-19 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Event Tracing Elevation of Privilege Vulnerability | |||||
| CVE-2021-40470 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2021-10-19 | 4.6 MEDIUM | 7.8 HIGH |
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2021-40467 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2021-10-19 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40443, CVE-2021-40466. | |||||
| CVE-2021-40466 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2021-10-19 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40443, CVE-2021-40467. | |||||
| CVE-2019-3588 | 1 Mcafee | 1 Virusscan Enterprise | 2021-10-19 | 6.9 MEDIUM | 6.8 MEDIUM |
| Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked. | |||||
| CVE-2019-3585 | 1 Mcafee | 1 Virusscan Enterprise | 2021-10-19 | 7.2 HIGH | 7.8 HIGH |
| Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges. | |||||
| CVE-2021-22263 | 1 Gitlab | 1 Gitlab | 2021-10-18 | 5.5 MEDIUM | 6.5 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab instance where 'project tokens' are allowed may elevate its privilege to 'Internal' and access Internal projects. | |||||
| CVE-2021-27664 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2021-10-18 | 6.8 MEDIUM | 9.8 CRITICAL |
| Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server. | |||||
| CVE-2021-0583 | 1 Google | 1 Android | 2021-10-18 | 4.4 MEDIUM | 7.3 HIGH |
| In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-182282956 | |||||