| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-40486 | Hig | 0.51 | 7.8 | 0.06 | Oct 13, 2021 | Microsoft Word Remote Code Execution Vulnerability | ||
| CVE-2021-40485 | Hig | 0.51 | 7.8 | 0.03 | Oct 13, 2021 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2021-40484 | Hig | 0.50 | 7.6 | 0.01 | Oct 13, 2021 | Microsoft SharePoint Server Spoofing Vulnerability | ||
| CVE-2021-40483 | Hig | 0.50 | 7.6 | 0.01 | Oct 13, 2021 | Microsoft SharePoint Server Spoofing Vulnerability | ||
| CVE-2021-40481 | Hig | 0.47 | 7.1 | 0.06 | Oct 13, 2021 | Microsoft Office Visio Remote Code Execution Vulnerability | ||
| CVE-2021-40480 | Hig | 0.51 | 7.8 | 0.05 | Oct 13, 2021 | Microsoft Office Visio Remote Code Execution Vulnerability | ||
| CVE-2021-40479 | Hig | 0.51 | 7.8 | 0.02 | Oct 13, 2021 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2021-40478 | Hig | 0.51 | 7.8 | 0.01 | Oct 13, 2021 | Storage Spaces Controller Elevation of Privilege Vulnerability | ||
| CVE-2021-40477 | Hig | 0.51 | 7.8 | 0.01 | Oct 13, 2021 | Windows Event Tracing Elevation of Privilege Vulnerability | ||
| CVE-2021-40476 | Hig | 0.49 | 7.5 | 0.02 | Oct 13, 2021 | Windows AppContainer Elevation Of Privilege Vulnerability | ||
| CVE-2021-40474 | Hig | 0.51 | 7.8 | 0.02 | Oct 13, 2021 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2021-40473 | Hig | 0.51 | 7.8 | 0.02 | Oct 13, 2021 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2021-40471 | Hig | 0.51 | 7.8 | 0.02 | Oct 13, 2021 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2021-40470 | Hig | 0.51 | 7.8 | 0.01 | Oct 13, 2021 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | ||
| CVE-2021-40469 | Hig | 0.47 | 7.2 | 0.07 | Oct 13, 2021 | Windows DNS Server Remote Code Execution Vulnerability | ||
| CVE-2021-40467 | Hig | 0.51 | 7.8 | 0.01 | Oct 13, 2021 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||
| CVE-2021-40466 | Hig | 0.51 | 7.8 | 0.01 | Oct 13, 2021 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||
| CVE-2021-40465 | Hig | 0.51 | 7.8 | 0.02 | Oct 13, 2021 | Windows Text Shaping Remote Code Execution Vulnerability | ||
| CVE-2021-40464 | Hig | 0.52 | 8.0 | 0.01 | Oct 13, 2021 | Windows Nearby Sharing Elevation of Privilege Vulnerability | ||
| CVE-2021-40463 | Hig | 0.50 | 7.7 | 0.02 | Oct 13, 2021 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | ||
| CVE-2021-40462 | Hig | 0.51 | 7.8 | 0.02 | Oct 13, 2021 | Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability | ||
| CVE-2021-40461 | Hig | 0.52 | 8.0 | 0.01 | Oct 13, 2021 | Windows Hyper-V Remote Code Execution Vulnerability | ||
| CVE-2021-40457 | Hig | 0.48 | 7.4 | 0.02 | Oct 13, 2021 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | ||
| CVE-2021-40450 | Hig | 0.63 | 7.8 | 0.02 | KEV | Oct 13, 2021 | Win32k Elevation of Privilege Vulnerability | |
| CVE-2021-40449 | Hig | 0.78 | 7.8 | 0.73 | KEV | Oct 13, 2021 | Win32k Elevation of Privilege Vulnerability | |
| CVE-2021-40443 | Hig | 0.51 | 7.8 | 0.01 | Oct 13, 2021 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||
| CVE-2021-38672 | Hig | 0.52 | 8.0 | 0.01 | Oct 13, 2021 | Windows Hyper-V Remote Code Execution Vulnerability | ||
| CVE-2021-36970 | Hig | 0.57 | 8.8 | 0.03 | Oct 13, 2021 | Windows Print Spooler Spoofing Vulnerability | ||
| CVE-2021-36953 | Hig | 0.49 | 7.5 | 0.05 | Oct 13, 2021 | Windows TCP/IP Denial of Service Vulnerability | ||
| CVE-2021-34453 | Hig | 0.49 | 7.5 | 0.03 | Oct 13, 2021 | Microsoft Exchange Server Denial of Service Vulnerability | ||
| CVE-2021-26442 | Hig | 0.46 | 7.0 | 0.01 | Oct 13, 2021 | Windows HTTP.sys Elevation of Privilege Vulnerability | ||
| CVE-2021-26441 | Hig | 0.51 | 7.8 | 0.01 | Oct 13, 2021 | Storage Spaces Controller Elevation of Privilege Vulnerability | ||
| CVE-2021-3330 | Hig | 0.46 | 7.1 | 0.01 | Oct 12, 2021 | RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= >=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA… | ||
| CVE-2021-3323 | Hig | 0.54 | 8.3 | 0.01 | Oct 12, 2021 | Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc | ||
| CVE-2021-3321 | Hig | 0.49 | 7.5 | 0.01 | Oct 12, 2021 | Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99 | ||
| CVE-2021-38862 | Hig | 0.49 | 7.5 | 0.01 | Oct 12, 2021 | IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980. | ||
| CVE-2021-29645 | Hig | 0.46 | 7.0 | 0.00 | Oct 12, 2021 | Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system. | ||
| CVE-2021-29644 | Hig | 0.53 | 8.1 | 0.02 | Oct 12, 2021 | Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remote code execution vulnerability because of an Integer Overflow. An attacker with network access to port 31016 may exploit this issue to execute code with unrestricted privileges on the underlying OS. | ||
| CVE-2021-35496 | Hig | 0.49 | 7.5 | 0.01 | Oct 12, 2021 | The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO… | ||
| CVE-2021-37732 | Hig | 0.47 | 7.2 | 0.03 | Oct 12, 2021 | A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.11 and below; Aruba Instant 8.6.x.x: 8.6.0.6 and… | ||
| CVE-2021-40500 | Hig | 0.49 | 7.5 | 0.01 | Oct 12, 2021 | SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation… | ||
| CVE-2021-38181 | Hig | 0.49 | 7.5 | 0.01 | Oct 12, 2021 | SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | ||
| CVE-2021-38178 | Hig | 0.57 | 8.8 | 0.01 | Oct 12, 2021 | The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this… | ||
| CVE-2021-37730 | Hig | 0.47 | 7.2 | 0.03 | Oct 12, 2021 | A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and… | ||
| CVE-2021-37727 | Hig | 0.47 | 7.2 | 0.03 | Oct 12, 2021 | A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba… | ||
| CVE-2021-38460 | Hig | 0.49 | 7.5 | 0.02 | Oct 12, 2021 | A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | ||
| CVE-2021-38452 | Hig | 0.49 | 7.5 | 0.02 | Oct 12, 2021 | A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | ||
| CVE-2021-25634 | Hig | 0.49 | 7.5 | 0.01 | Oct 12, 2021 | LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice… | ||
| CVE-2020-28145 | Hig | 0.49 | 7.5 | 0.01 | Oct 12, 2021 | Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information. | ||
| CVE-2021-41546 | Hig | 0.49 | 7.5 | 0.01 | Oct 12, 2021 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1),… |
- risk 0.51cvss 7.8epss 0.06
Microsoft Word Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.03
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.50cvss 7.6epss 0.01
Microsoft SharePoint Server Spoofing Vulnerability
- risk 0.50cvss 7.6epss 0.01
Microsoft SharePoint Server Spoofing Vulnerability
- risk 0.47cvss 7.1epss 0.06
Microsoft Office Visio Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.05
Microsoft Office Visio Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.02
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.01
Storage Spaces Controller Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Event Tracing Elevation of Privilege Vulnerability
- risk 0.49cvss 7.5epss 0.02
Windows AppContainer Elevation Of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.02
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.02
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.02
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.01
DirectX Graphics Kernel Elevation of Privilege Vulnerability
- risk 0.47cvss 7.2epss 0.07
Windows DNS Server Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.02
Windows Text Shaping Remote Code Execution Vulnerability
- risk 0.52cvss 8.0epss 0.01
Windows Nearby Sharing Elevation of Privilege Vulnerability
- risk 0.50cvss 7.7epss 0.02
Windows Network Address Translation (NAT) Denial of Service Vulnerability
- risk 0.51cvss 7.8epss 0.02
Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability
- risk 0.52cvss 8.0epss 0.01
Windows Hyper-V Remote Code Execution Vulnerability
- risk 0.48cvss 7.4epss 0.02
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
- risk 0.63cvss 7.8epss 0.02
Win32k Elevation of Privilege Vulnerability
- risk 0.78cvss 7.8epss 0.73
Win32k Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- risk 0.52cvss 8.0epss 0.01
Windows Hyper-V Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.03
Windows Print Spooler Spoofing Vulnerability
- risk 0.49cvss 7.5epss 0.05
Windows TCP/IP Denial of Service Vulnerability
- risk 0.49cvss 7.5epss 0.03
Microsoft Exchange Server Denial of Service Vulnerability
- risk 0.46cvss 7.0epss 0.01
Windows HTTP.sys Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Storage Spaces Controller Elevation of Privilege Vulnerability
- risk 0.46cvss 7.1epss 0.01
RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr. Zephyr versions >= >=2.4.0 contain Out-of-bounds Write (CWE-787). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA…
- risk 0.54cvss 8.3epss 0.01
Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc
- risk 0.49cvss 7.5epss 0.01
Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99
- risk 0.49cvss 7.5epss 0.01
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980.
- risk 0.46cvss 7.0epss 0.00
Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system.
- risk 0.53cvss 8.1epss 0.02
Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remote code execution vulnerability because of an Integer Overflow. An attacker with network access to port 31016 may exploit this issue to execute code with unrestricted privileges on the underlying OS.
- risk 0.49cvss 7.5epss 0.01
The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO…
- risk 0.47cvss 7.2epss 0.03
A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.11 and below; Aruba Instant 8.6.x.x: 8.6.0.6 and…
- risk 0.49cvss 7.5epss 0.01
SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation…
- risk 0.49cvss 7.5epss 0.01
SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
- risk 0.57cvss 8.8epss 0.01
The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this…
- risk 0.47cvss 7.2epss 0.03
A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and…
- risk 0.47cvss 7.2epss 0.03
A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba…
- risk 0.49cvss 7.5epss 0.02
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
- risk 0.49cvss 7.5epss 0.02
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
- risk 0.49cvss 7.5epss 0.01
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice…
- risk 0.49cvss 7.5epss 0.01
Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.
- risk 0.49cvss 7.5epss 0.01
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1),…