Total: 210374 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38657 | 1 Microsoft | 1 365 Apps | 2021-09-24 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft Office Graphics Component Information Disclosure Vulnerability | |||||
| CVE-2021-23036 | 1 F5 | 3 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager, Big-ip Datasafe | 2021-09-24 | 4.3 MEDIUM | 7.5 HIGH |
| On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe profile are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-38661 | 1 Microsoft | 1 Hevc Video Extensions | 2021-09-24 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||
| CVE-2021-38667 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2021-09-24 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-38671, CVE-2021-40447. | |||||
| CVE-2021-20569 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2021-09-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. IBM X-Force ID: 199243. | |||||
| CVE-2021-38671 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2021-09-24 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-38667, CVE-2021-40447. | |||||
| CVE-2021-20508 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2021-09-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199322. | |||||
| CVE-2020-20671 | 1 Kitesky | 1 Kitecms | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account. | |||||
| CVE-2021-39391 | 1 Beego | 1 Beego | 2021-09-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page. | |||||
| CVE-2021-40440 | 1 Microsoft | 1 Dynamics 365 Business Central | 2021-09-24 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | |||||
| CVE-2021-40447 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2021-09-24 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-38667, CVE-2021-38671. | |||||
| CVE-2021-40448 | 1 Microsoft | 1 Accessibility Insights For Android | 2021-09-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft Accessibility Insights for Android Information Disclosure Vulnerability | |||||
| CVE-2021-38653 | 1 Microsoft | 2 365 Apps, Office | 2021-09-24 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-38654. | |||||
| CVE-2021-23041 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 8 more | 2021-09-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-23040 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2021-09-24 | 6.5 MEDIUM | 8.8 HIGH |
| On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This issue is exposed only when BIG-IP AFM is provisioned. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-23046 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Guided Configuration | 2021-09-24 | 3.5 LOW | 4.9 MEDIUM |
| On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-41033 | 1 Eclipse | 1 Equinox | 2021-09-24 | 6.8 MEDIUM | 8.1 HIGH |
| In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by installing plug-ins that may then run malicious code. | |||||
| CVE-2021-36964 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2021-09-24 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Event Tracing Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-38630. | |||||
| CVE-2021-36966 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-09-24 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability | |||||
| CVE-2021-23042 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2021-09-24 | 4.3 MEDIUM | 7.5 HIGH |
| On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, and 12.1.x before 12.1.6, when an HTTP profile is configured on a virtual server, undisclosed requests can cause a significant increase in system resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
