CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

2021-12-15
Critical

CVE-2021-43905

Microsoft Office app Remote Code Execution Vulnerability

Critical

CVE-2021-43899

Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability

Medium

CVE-2021-43896

Microsoft PowerShell Spoofing Vulnerability

High

CVE-2021-43892

Microsoft BizTalk ESB Toolkit Spoofing Vulnerability

High

CVE-2021-43891

Visual Studio Code Remote Code Execution Vulnerability

High

CVE-2021-43890

We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially…

High

CVE-2021-43889

Microsoft Defender for IoT Remote Code Execution Vulnerability

High

CVE-2021-43888

Microsoft Defender for IoT Information Disclosure Vulnerability

High

CVE-2021-43883

Windows Installer Elevation of Privilege Vulnerability

Medium

CVE-2021-43880

Windows Mobile Device Management Elevation of Privilege Vulnerability

High

CVE-2021-43877

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability

High

CVE-2021-43875

Microsoft Office Graphics Remote Code Execution Vulnerability

High

CVE-2021-43256

Microsoft Excel Remote Code Execution Vulnerability

Medium

CVE-2021-43255

Microsoft Office Trust Center Spoofing Vulnerability

High

CVE-2021-43248

Windows Digital Media Receiver Elevation of Privilege Vulnerability

Medium

CVE-2021-43246

Windows Hyper-V Denial of Service Vulnerability

High

CVE-2021-43245

Windows Digital TV Tuner Elevation of Privilege Vulnerability

Medium

CVE-2021-43244

Windows Kernel Information Disclosure Vulnerability

Medium

CVE-2021-43243

VP9 Video Extensions Information Disclosure Vulnerability

High

CVE-2021-43242

Microsoft SharePoint Server Spoofing Vulnerability

High

CVE-2021-43240

NTFS Set Short Name Elevation of Privilege Vulnerability

High

CVE-2021-43239

Windows Recovery Environment Agent Elevation of Privilege Vulnerability

High

CVE-2021-43236

Microsoft Message Queuing Information Disclosure Vulnerability

Medium

CVE-2021-43235

Storage Spaces Controller Information Disclosure Vulnerability

High

CVE-2021-43234

Windows Fax Service Remote Code Execution Vulnerability

High

CVE-2021-43233

Remote Desktop Client Remote Code Execution Vulnerability

High

CVE-2021-43232

Windows Event Tracing Remote Code Execution Vulnerability

High

CVE-2021-43231

Windows NTFS Elevation of Privilege Vulnerability

High

CVE-2021-43230

Windows NTFS Elevation of Privilege Vulnerability

High

CVE-2021-43229

Windows NTFS Elevation of Privilege Vulnerability

High

CVE-2021-43228

SymCrypt Denial of Service Vulnerability

Medium

CVE-2021-43227

Storage Spaces Controller Information Disclosure Vulnerability

High

CVE-2021-43226

Windows Common Log File System Driver Elevation of Privilege Vulnerability

High

CVE-2021-43225

Bot Framework SDK Remote Code Execution Vulnerability

Medium

CVE-2021-43224

Windows Common Log File System Driver Information Disclosure Vulnerability

High

CVE-2021-43223

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

High

CVE-2021-43222

Microsoft Message Queuing Information Disclosure Vulnerability

High

CVE-2021-43219

DirectX Graphics Kernel File Denial of Service Vulnerability

High

CVE-2021-43217

Windows Encrypting File System (EFS) Remote Code Execution Vulnerability

High

CVE-2021-43214

Web Media Extensions Remote Code Execution Vulnerability

High

CVE-2021-43207

Windows Common Log File System Driver Elevation of Privilege Vulnerability

High

CVE-2021-42315

Microsoft Defender for IoT Remote Code Execution Vulnerability

High

CVE-2021-42314

Microsoft Defender for IoT Remote Code Execution Vulnerability

High

CVE-2021-42312

Microsoft Defender for IoT Elevation of Privilege Vulnerability

High

CVE-2021-42310

Microsoft Defender for IoT Remote Code Execution Vulnerability

Medium

CVE-2021-42295

Visual Basic for Applications Information Disclosure Vulnerability

High

CVE-2021-42294

Microsoft SharePoint Server Remote Code Execution Vulnerability

Medium

CVE-2021-42293

Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability

High

CVE-2021-41360

HEVC Video Extensions Remote Code Execution Vulnerability

High

CVE-2021-41333

Windows Print Spooler Elevation of Privilege Vulnerability

High

CVE-2021-40453

HEVC Video Extensions Remote Code Execution Vulnerability

High

CVE-2021-40452

HEVC Video Extensions Remote Code Execution Vulnerability

High

CVE-2021-40441

Windows Media Center Elevation of Privilege Vulnerability

Medium

CVE-2021-4111

yetiforcecrm is vulnerable to Business Logic Errors

High

CVE-2020-23545

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ReadXPM_W+0x0000000000000531.

High

CVE-2019-19138

Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade integrity.

Medium

CVE-2021-40171

The absence of notifications regarding an ongoing RF jamming attack in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to block legiti…

2021-12-14
High

CVE-2021-43051

The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious cust…

Medium

CVE-2021-34426

A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command-line. In versions prior to 5.6.0, a mali…

High

CVE-2021-38950

IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404.

High

CVE-2021-3376

An issue discovered in Cuppa CMS versions before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter.

Medium

CVE-2021-36721

Sysaid API User Enumeration - Attacker sending requests to specific api path without any authorization before 21.3.60 version could get users names from the LDAP server.

2021-12-13
Critical

CVE-2021-32024

A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process.

High

CVE-2021-39053

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to obtain sensitive information, caused by the improper handling of requests for Spectrum Copy Data Management Admin…

Critical

CVE-2021-39052

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. IBM X-Force ID: 214523.

Medium

CVE-2020-16155

The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data.

Low

CVE-2021-39931

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Und…

Medium

CVE-2021-36169

A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attacker to Execute unauthorized code or commands via specific hex read/write operations.

Medium

CVE-2021-24705

The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attribute…

High

CVE-2021-44153

An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo "C:\Windo…

2021-12-12
Critical

CVE-2021-44515

Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17…

2021-12-10
High

CVE-2021-26340

A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior ins…

Medium

CVE-2020-12890

Improper handling of pointers in the System Management Mode (SMM) handling code may allow for a privileged attacker with physical or administrative access to potentially manipulate the AMD Generic En…

Critical

CVE-2021-23639

The package md-to-pdf before 5.0.0 is vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine.

Critical

CVE-2021-27983

Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page.

Medium

CVE-2021-38937

IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the system to crash using a specially crafted IBMi Hypervisor call. IBM X-Force ID: 210894.

Critical

CVE-2021-38917

IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted servi…

High

CVE-2021-29214

A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenticated SSMC administrator could exploit the vulnerability to inject code and elevate their privilege…

2021-12-09
Critical

CVE-2021-43703

An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, you can directly access the administrator console.

High

CVE-2021-38951

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to caus…

Medium

CVE-2021-38926

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks…

High

CVE-2021-22568

When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev. U…

High

CVE-2021-20373

IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restricti…

Medium

CVE-2021-36167

An improper authorization vulnerability [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control v…

Medium

CVE-2021-43204

An improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows attacker to cause a complete den…

2021-12-08
Medium

CVE-2021-43541

When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and…

Medium

CVE-2021-43540

WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects…

Medium

CVE-2021-43533

When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishin…

High

CVE-2021-38510

The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer. *Note: This issue only affected Mac OS operating s…

High

CVE-2021-41021

A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.

High

CVE-2021-42110

An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking.

Medium

CVE-2021-37093

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to attackers stealing short messages.

High

CVE-2021-37075

There is a Credentials Management Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to confidentiality affected.

High

CVE-2021-37053

There is a Service logic vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause WLAN DoS.

High

CVE-2021-37037

There is an Invalid address access vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the device to restart.

Low

CVE-2021-25514

An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information.

Medium

CVE-2021-36190

An unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to access protected hosts via crafted HTTP req…

Medium

CVE-2021-32591

A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0…

High

CVE-2021-26110

An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authe…

High

CVE-2021-44420

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.

2021-12-07
High

CVE-2021-44149

An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, res…

High

CVE-2021-28680

The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of…

Critical

CVE-2021-40859

Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device.

High

CVE-2021-37091

There is a Permissions, Privileges, and Access Controls vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to confidentiality affected.

High

CVE-2021-37071

There is a Business Logic Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to persistent DoS.

High

CVE-2021-37068

There is a Resource Management Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to denial of service attacks.

Critical

CVE-2021-37063

There is a Cryptographic Issues vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to read and delete images of Harmony devices.

Critical

CVE-2021-37059

There is a Weaknesses Introduced During Design

Medium

CVE-2021-37058

There is a Permissions, Privileges, and Access Controls vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the user's nickname being maliciously tampered with.

Medium

CVE-2021-37055

There is a Logic bypass vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attempts to obtain certain device information.

High

CVE-2021-37038

There is an Improper access control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.

Medium

CVE-2021-40095

An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log feature in System / Maintenance was susceptible to a local file inclusion vulnerability (when processing remote input in the…

High

CVE-2021-28703

grant table v2 status pages may remain accessible after de-allocation (take two) Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associa…

2021-12-06
Medium

CVE-2021-43043

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule.

High

CVE-2021-43040

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation.

Medium

CVE-2021-43039

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access.

2021-12-03
High

CVE-2021-43415

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed i…

Medium

CVE-2021-29867

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212.

Medium

CVE-2021-29719

IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilities due to a web response specifying an incorrect content type. IBM X-Force ID: 201091

Medium

CVE-2021-29716

IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087.
