Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42223 | 1 Online Dj Booking Management System Project | 1 Online Dj Booking Management System | 2021-10-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS).vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php. | |||||
| CVE-2021-35060 | 1 Openwaygroup | 1 Way4 | 2021-10-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| /way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage response differences to discover whether a specific payment card number is stored in the system. | |||||
| CVE-2021-41361 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2021-10-19 | 3.5 LOW | 3.5 LOW |
| Active Directory Federation Server Spoofing Vulnerability | |||||
| CVE-2021-41357 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2016 and 1 more | 2021-10-19 | 4.6 MEDIUM | 7.8 HIGH |
| Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40449, CVE-2021-40450. | |||||
| CVE-2021-20127 | 1 Draytek | 1 Vigorconnect | 2021-10-19 | 8.5 HIGH | 8.1 HIGH |
| An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges. | |||||
| CVE-2021-40889 | 1 Cmsuno Project | 1 Cmsuno | 2021-10-19 | 7.5 HIGH | 9.8 CRITICAL |
| CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot}/uno/central.php file calls to file_put_contents() function to write username in password.php file when a user successfully changed their password. The attacker can inject malicious PHP code into password.php and then use the login function to execute code. | |||||
| CVE-2021-41350 | 1 Microsoft | 1 Exchange Server | 2021-10-19 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Exchange Server Spoofing Vulnerability | |||||
| CVE-2021-41830 | 1 Apache | 1 Openoffice | 2021-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory. | |||||
| CVE-2021-41354 | 1 Microsoft | 1 Dynamics 365 | 2021-10-19 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2021-41353 | 1 Microsoft | 1 Dynamics 365 | 2021-10-19 | 3.5 LOW | 3.5 LOW |
| Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | |||||
| CVE-2021-41831 | 1 Apache | 1 Openoffice | 2021-10-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory. | |||||
| CVE-2021-41832 | 1 Apache | 1 Openoffice | 2021-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory. | |||||
| CVE-2021-20126 | 1 Draytek | 1 Vigorconnect | 2021-10-19 | 6.8 MEDIUM | 8.8 HIGH |
| Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. | |||||
| CVE-2021-41352 | 1 Microsoft | 1 System Center Operations Manager | 2021-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| SCOM Information Disclosure Vulnerability | |||||
| CVE-2021-40457 | 1 Microsoft | 1 Dynamics 365 | 2021-10-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | |||||
| CVE-2021-41348 | 1 Microsoft | 1 Exchange Server | 2021-10-19 | 5.2 MEDIUM | 8.0 HIGH |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||
| CVE-2021-41347 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2021-10-19 | 4.6 MEDIUM | 7.8 HIGH |
| Windows AppX Deployment Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-41346 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2021-10-19 | 4.6 MEDIUM | 7.8 HIGH |
| Console Window Host Security Feature Bypass Vulnerability | |||||
| CVE-2021-41345 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2021-10-19 | 7.2 HIGH | 7.8 HIGH |
| Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-40489. | |||||
| CVE-2021-41343 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2021-10-19 | 2.1 LOW | 5.5 MEDIUM |
| Windows Fast FAT File System Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-38662. | |||||