Total: 210374 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36968 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2021-09-24 | 4.6 MEDIUM | 7.8 HIGH | 
| Windows DNS Elevation of Privilege Vulnerability | |||||
| CVE-2021-35313 | | | 2021-09-24 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2021-36963 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2021-09-24 | 4.6 MEDIUM | 7.8 HIGH | 
| Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36955, CVE-2021-38633. | |||||
| CVE-2021-36962 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-09-24 | 4.9 MEDIUM | 5.5 MEDIUM | 
| Windows Installer Information Disclosure Vulnerability | |||||
| CVE-2021-36961 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2021-09-24 | 3.6 LOW | 6.1 MEDIUM | 
| Windows Installer Denial of Service Vulnerability | |||||
| CVE-2021-23043 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2021-09-24 | 4.0 MEDIUM | 6.5 MEDIUM | 
| On BIG-IP, on all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to access arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-36952 | 1 Microsoft | 2 Visual Studio 2017, Visual Studio 2019 | 2021-09-24 | 6.8 MEDIUM | 7.8 HIGH | 
| Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2021-40824 | 1 Matrix | 2 Element, Matrix-android-sdk2 | 2021-09-24 | 4.3 MEDIUM | 5.9 MEDIUM | 
| A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the attacker to decrypt end-to-end encrypted messages sent by affected clients. | |||||
| CVE-2021-40823 | 1 Matrix | 1 Javascript Sdk | 2021-09-24 | 4.3 MEDIUM | 5.9 MEDIUM | 
| A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the homeserver to decrypt end-to-end encrypted messages sent by affected clients. | |||||
| CVE-2020-21049 | 1 Libsixel Project | 1 Libsixel | 2021-09-24 | 4.3 MEDIUM | 6.5 MEDIUM | 
| An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file. | |||||
| CVE-2020-21048 | 1 Libsixel Project | 1 Libsixel | 2021-09-24 | 4.3 MEDIUM | 6.5 MEDIUM | 
| An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file. | |||||
| CVE-2021-36960 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2021-09-24 | 5.0 MEDIUM | 7.5 HIGH | 
| Windows SMB Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-36972. | |||||
| CVE-2021-36956 | 1 Microsoft | 1 Azure Sphere | 2021-09-24 | 2.1 LOW | 4.4 MEDIUM | 
| Azure Sphere Information Disclosure Vulnerability | |||||
| CVE-2021-36955 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2021-09-24 | 4.6 MEDIUM | 7.8 HIGH | 
| Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36963, CVE-2021-38633. | |||||
| CVE-2021-36954 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2021-09-24 | 4.6 MEDIUM | 7.8 HIGH | 
| Windows Bind Filter Driver Elevation of Privilege Vulnerability | |||||
| CVE-2021-26435 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2021-09-24 | 6.8 MEDIUM | 7.8 HIGH | 
| Windows Scripting Engine Memory Corruption Vulnerability | |||||
| CVE-2021-38175 | 1 Sap | 1 Analysis For Microsoft Office | 2021-09-24 | 5.5 MEDIUM | 6.5 MEDIUM | 
| SAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user interaction. The attack would not lead to an impact on the availability of the system, but there would be an impact on integrity and confidentiality. | |||||
| CVE-2021-38164 | 1 Sap | 1 Erp Financial Accounting | 2021-09-24 | 5.5 MEDIUM | 5.4 MEDIUM | 
| SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to. | |||||
| CVE-2021-37181 | 1 Siemens | 3 Cerberus Dms, Desigo Cc, Desigo Cc Compact | 2021-09-24 | 7.5 HIGH | 10.0 CRITICAL | 
| A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions < V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions < V5.0 QU1). The application deserialises untrusted data without sufficient validations, that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity are affected by the vulnerability. | |||||
| CVE-2021-37201 | 1 Siemens | 1 Sinec Network Management System | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH | 
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of affected devices is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative privileges to click on a malicious link. | |||||
