Total: 22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26894 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2021-09-12 | 10.0 HIGH | 9.8 CRITICAL |
| Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877, CVE-2021-26893, CVE-2021-26895, CVE-2021-26897. | |||||
| CVE-2021-26897 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2021-09-12 | 10.0 HIGH | 9.8 CRITICAL |
| Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895. | |||||
| CVE-2021-40532 | 1 Telegram | 1 Web K Alpha | 2021-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| Telegram Web K Alpha before 0.7.2 mishandles the characters in a document extension. | |||||
| CVE-2021-38641 | 2 Google, Microsoft | 2 Android, Edge | 2021-09-10 | 4.0 MEDIUM | 4.2 MEDIUM |
| Microsoft Edge for Android Spoofing Vulnerability | |||||
| CVE-2021-38642 | 2 Apple, Microsoft | 2 Iphone Os, Edge | 2021-09-10 | 4.0 MEDIUM | 4.2 MEDIUM |
| Microsoft Edge for iOS Spoofing Vulnerability | |||||
| CVE-2021-26439 | 2 Google, Microsoft | 2 Android, Edge | 2021-09-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| Microsoft Edge for Android Information Disclosure Vulnerability | |||||
| CVE-2021-34150 | 1 Bluetrum | 2 Ab5301a, Ab5301a Firmware | 2021-09-10 | 3.3 LOW | 6.5 MEDIUM |
| The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity. | |||||
| CVE-2021-28139 | 1 Espressif | 2 Esp-idf, Esp32 | 2021-09-09 | 8.3 HIGH | 8.8 HIGH |
| The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload. | |||||
| CVE-2021-34144 | 1 Zh-jieli | 15 Ac6936, Ac6951, Ac6952 and 12 more | 2021-09-09 | 3.3 LOW | 6.5 MEDIUM |
| The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SDK through 0.9.1 does not properly handle the reception of truncated LMP_SCO_Link_Request packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity. | |||||
| CVE-2021-34149 | 1 Ti | 2 Cc256xcqfn-em, Cc256xcqfn-em Firmware | 2021-09-09 | 3.3 LOW | 6.5 MEDIUM |
| The Bluetooth Classic implementation on the Texas Instruments CC256XCQFN-EM does not properly handle the reception of continuous LMP_AU_Rand packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device by flooding it with LMP_AU_Rand packets after the paging procedure. | |||||
| CVE-2021-28155 | 1 Jbl | 2 Tune500bt, Tune500bt Firmware | 2021-09-09 | 6.1 MEDIUM | 6.5 MEDIUM |
| The Bluetooth Classic implementation on JBL TUNE500BT devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shutdown a device by flooding the target device with LMP Feature Response data. | |||||
| CVE-2021-31613 | 1 Zh-jieli | 10 Ac6901, Ac6901 Firmware, Ac6921 and 7 more | 2021-09-09 | 3.3 LOW | 6.5 MEDIUM |
| The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle the reception of a truncated LMP packet during the LMP auto rate procedure, allowing attackers in radio range to immediately crash (and restart) a device via a crafted LMP packet. | |||||
| CVE-2021-36093 | 1 Otrs | 1 Otrs | 2021-09-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions. | |||||
| CVE-2021-40089 | 1 Primekey | 1 Ejbca | 2021-09-09 | 1.9 LOW | 2.3 LOW |
| An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With this setting disabled it's not possible to create new such publishers, but existing publishers would continue to run. | |||||
| CVE-2018-6311 | 1 Foxconn | 2 Ap-fc4064-t, Ap-fc4064-t Firmware | 2021-09-09 | 7.2 HIGH | 6.8 MEDIUM |
| One can gain root access on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via UART pins without any restrictions, which leads to full system compromise and disclosure of user communications. | |||||
| CVE-2021-29851 | 1 Ibm | 1 Planning Analytics | 2021-09-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 205527. | |||||
| CVE-2019-1255 | 1 Microsoft | 12 Forefront Endpoint Protection 2010, Security Essentials, System Center Endpoint Protection and 9 more | 2021-09-09 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'. | |||||
| CVE-2018-8327 | 1 Microsoft | 2 Powershell Editor Services, Powershell Extension | 2021-09-09 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension. | |||||
| CVE-2019-1161 | 1 Microsoft | 11 Forefront Endpoint Protection 2010, Security Essentials, System Center Endpoint Protection and 8 more | 2021-09-09 | 6.6 MEDIUM | 7.1 HIGH |
| An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-1002 | 1 Microsoft | 12 Forefront Endpoint Protection 2010, Security Essentials, System Center Endpoint Protection and 9 more | 2021-09-09 | 6.6 MEDIUM | 7.1 HIGH |
| An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'. | |||||
