Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42278 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2021-11-12 | 6.5 MEDIUM | 8.8 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-42282, CVE-2021-42287, CVE-2021-42291. | |||||
| CVE-2021-38631 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2021-11-12 | 2.1 LOW | 4.4 MEDIUM |
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-41371. | |||||
| CVE-2021-41367 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2021-11-12 | 4.6 MEDIUM | 7.8 HIGH |
| NTFS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-41370, CVE-2021-42283. | |||||
| CVE-2021-42279 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2021-11-12 | 5.1 MEDIUM | 7.5 HIGH |
| Chakra Scripting Engine Memory Corruption Vulnerability | |||||
| CVE-2021-41366 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2021-11-12 | 4.6 MEDIUM | 7.8 HIGH |
| Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | |||||
| CVE-2021-42280 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2021-11-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Feedback Hub Elevation of Privilege Vulnerability | |||||
| CVE-2021-41372 | 1 Microsoft | 1 Power Bi Report Server | 2021-11-12 | 6.8 MEDIUM | 9.6 CRITICAL |
| Power BI Report Server Spoofing Vulnerability | |||||
| CVE-2021-41370 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2021-11-12 | 4.6 MEDIUM | 7.8 HIGH |
| NTFS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-41367, CVE-2021-42283. | |||||
| CVE-2021-41368 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2021-11-12 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Access Remote Code Execution Vulnerability | |||||
| CVE-2021-40119 | 1 Cisco | 1 Policy Suite | 2021-11-12 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user. | |||||
| CVE-2021-42772 | 1 Broadcom | 2 Emulex Hba Manager, One Command Manager | 2021-11-12 | 6.8 MEDIUM | 9.8 CRITICAL |
| Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that could allow a user to attempt various attacks. In non-secure mode, the user is unauthenticated. | |||||
| CVE-2021-43187 | 2 Apple, Jetbrains | 2 Iphone Os, Youtrack Mobile | 2021-11-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack Mobile before 2021.2, the client-side cache on iOS could contain sensitive information. | |||||
| CVE-2021-43185 | 1 Jetbrains | 1 Youtrack | 2021-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection. | |||||
| CVE-2021-43184 | 1 Jetbrains | 1 Youtrack | 2021-11-12 | 3.5 LOW | 5.4 MEDIUM |
| In JetBrains YouTrack before 2021.3.21051, stored XSS is possible. | |||||
| CVE-2021-35477 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2021-11-10 | 2.1 LOW | 5.5 MEDIUM |
| In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value. | |||||
| CVE-2021-24767 | 1 Fullworks | 1 Redirect 404 Error Page To Homepage Or Custom Page With Logs | 2021-11-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow an attacker to make a logged-in admin delete them via a CSRF attack. | |||||
| CVE-2019-18912 | 1 Hp | 23 Futuresmart 4, Laserjet Enterprise Flow Mfp M527 F2a78v, Laserjet Enterprise Flow Mfp M527 F2a79a and 20 more | 2021-11-10 | 4.6 MEDIUM | 7.8 HIGH |
| A potential security vulnerability has been identified for certain HP printers and MFPs with Troy solutions. For affected printers with FutureSmart Firmware bundle version 4.9 or 4.9.0.1, the potential vulnerability may cause instability in the solution. | |||||
| CVE-2021-37207 | 1 Siemens | 1 Sentron Powermanager 3 | 2021-11-10 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability has been identified in SENTRON powermanager V3 (All versions). The affected application assigns improper access rights to a specific folder containing configuration files. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | |||||
| CVE-2021-24766 | 1 404 To 301 Project | 1 404 To 301 | 2021-11-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin before 3.0.9 does not have a CSRF check in place when cleaning the logs, which could allow an attacker to make a logged-in admin delete all of them via a CSRF attack. | |||||
| CVE-2021-24698 | 1 Tipsandtricks-hq | 1 Simple Download Monitor | 2021-11-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Simple Download Monitor WordPress plugin before 3.9.6 allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the download. | |||||
