| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-38654 | Hig | 0.51 | 7.8 | 0.05 | Sep 15, 2021 | Microsoft Office Visio Remote Code Execution Vulnerability | ||
| CVE-2021-38653 | Hig | 0.51 | 7.8 | 0.05 | Sep 15, 2021 | Microsoft Office Visio Remote Code Execution Vulnerability | ||
| CVE-2021-38652 | Hig | 0.49 | 7.6 | 0.01 | Sep 15, 2021 | Microsoft SharePoint Server Spoofing Vulnerability | ||
| CVE-2021-38651 | Hig | 0.49 | 7.6 | 0.01 | Sep 15, 2021 | Microsoft SharePoint Server Spoofing Vulnerability | ||
| CVE-2021-38650 | Hig | 0.50 | 7.6 | 0.01 | Sep 15, 2021 | Microsoft Office Spoofing Vulnerability | ||
| CVE-2021-38649 | Hig | 0.58 | 7.0 | 0.02 | KEV | Sep 15, 2021 | Open Management Infrastructure Elevation of Privilege Vulnerability | |
| CVE-2021-38648 | Hig | 0.67 | 7.8 | 0.11 | KEV | Sep 15, 2021 | Open Management Infrastructure Elevation of Privilege Vulnerability | |
| CVE-2021-38646 | Hig | 0.69 | 7.8 | 0.04 | KEV | Sep 15, 2021 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | |
| CVE-2021-38645 | Hig | 0.63 | 7.8 | 0.02 | KEV | Sep 15, 2021 | Open Management Infrastructure Elevation of Privilege Vulnerability | |
| CVE-2021-38644 | Hig | 0.51 | 7.8 | 0.02 | Sep 15, 2021 | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | ||
| CVE-2021-38639 | Hig | 0.51 | 7.8 | 0.01 | Sep 15, 2021 | Win32k Elevation of Privilege Vulnerability | ||
| CVE-2021-38638 | Hig | 0.51 | 7.8 | 0.00 | Sep 15, 2021 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ||
| CVE-2021-38634 | Hig | 0.46 | 7.1 | 0.01 | Sep 15, 2021 | Microsoft Windows Update Client Elevation of Privilege Vulnerability | ||
| CVE-2021-38633 | Hig | 0.51 | 7.8 | 0.01 | Sep 15, 2021 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||
| CVE-2021-38630 | Hig | 0.51 | 7.8 | 0.00 | Sep 15, 2021 | Windows Event Tracing Elevation of Privilege Vulnerability | ||
| CVE-2021-38628 | Hig | 0.51 | 7.8 | 0.00 | Sep 15, 2021 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ||
| CVE-2021-38626 | Hig | 0.51 | 7.8 | 0.00 | Sep 15, 2021 | Windows Kernel Elevation of Privilege Vulnerability | ||
| CVE-2021-38625 | Hig | 0.51 | 7.8 | 0.00 | Sep 15, 2021 | Windows Kernel Elevation of Privilege Vulnerability | ||
| CVE-2021-36975 | Hig | 0.51 | 7.8 | 0.01 | Sep 15, 2021 | Win32k Elevation of Privilege Vulnerability | ||
| CVE-2021-36974 | Hig | 0.51 | 7.8 | 0.00 | Sep 15, 2021 | Windows SMB Elevation of Privilege Vulnerability | ||
| CVE-2021-36973 | Hig | 0.51 | 7.8 | 0.00 | Sep 15, 2021 | Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability | ||
| CVE-2021-36968 | Hig | 0.51 | 7.8 | 0.00 | Sep 15, 2021 | Windows DNS Elevation of Privilege Vulnerability | ||
| CVE-2021-36967 | Hig | 0.52 | 8.0 | 0.01 | Sep 15, 2021 | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | ||
| CVE-2021-36966 | Hig | 0.51 | 7.8 | 0.00 | Sep 15, 2021 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | ||
| CVE-2021-36965 | Hig | 0.58 | 8.8 | 0.04 | Sep 15, 2021 | Windows WLAN AutoConfig Service Remote Code Execution Vulnerability | ||
| CVE-2021-36964 | Hig | 0.51 | 7.8 | 0.00 | Sep 15, 2021 | Windows Event Tracing Elevation of Privilege Vulnerability | ||
| CVE-2021-36963 | Hig | 0.51 | 7.8 | 0.01 | Sep 15, 2021 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||
| CVE-2021-36960 | Hig | 0.49 | 7.5 | 0.03 | Sep 15, 2021 | Windows SMB Information Disclosure Vulnerability | ||
| CVE-2021-36955 | Hig | 0.69 | 7.8 | 0.03 | KEV | Sep 15, 2021 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | |
| CVE-2021-36954 | Hig | 0.57 | 8.8 | 0.00 | Sep 15, 2021 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | ||
| CVE-2021-36952 | Hig | 0.55 | 7.8 | 0.54 | Sep 15, 2021 | Visual Studio Remote Code Execution Vulnerability | ||
| CVE-2021-26435 | Hig | 0.53 | 8.1 | 0.05 | Sep 15, 2021 | Windows Scripting Engine Memory Corruption Vulnerability | ||
| CVE-2021-26434 | Hig | 0.51 | 7.8 | 0.01 | Sep 15, 2021 | Visual Studio Elevation of Privilege Vulnerability | ||
| CVE-2021-22149 | Hig | 0.57 | 8.8 | 0.01 | Sep 15, 2021 | Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users. | ||
| CVE-2021-22148 | Hig | 0.57 | 8.8 | 0.01 | Sep 15, 2021 | Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines. | ||
| CVE-2020-35340 | Hig | 0.49 | 7.5 | 0.01 | Sep 15, 2021 | A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read. | ||
| CVE-2021-3778 | Hig | 0.00 | 7.8 | 0.02 | Sep 15, 2021 | vim is vulnerable to Heap-based Buffer Overflow | ||
| CVE-2021-3777 | — | Hig | 0.42 | 7.5 | 0.01 | Sep 15, 2021 | nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity | |
| CVE-2021-3706 | Hig | 0.00 | 7.5 | 0.01 | Sep 15, 2021 | adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag | ||
| CVE-2021-23029 | — | Hig | 0.57 | 8.8 | 0.01 | Sep 14, 2021 | On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software… | |
| CVE-2021-23026 | Hig | 0.57 | 8.8 | 0.00 | Sep 14, 2021 | BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.… | ||
| CVE-2021-23030 | Hig | 0.49 | 7.5 | 0.01 | Sep 14, 2021 | On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate.… | ||
| CVE-2021-23028 | Hig | 0.49 | 7.5 | 0.01 | Sep 14, 2021 | On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server,… | ||
| CVE-2021-23025 | Hig | 0.57 | 8.8 | 0.02 | Sep 14, 2021 | On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. Note: Software versions which have reached End of… | ||
| CVE-2021-23036 | Hig | 0.49 | 7.5 | 0.01 | Sep 14, 2021 | On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe profile are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not… | ||
| CVE-2021-23039 | Hig | 0.49 | 7.5 | 0.01 | Sep 14, 2021 | On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.2.8, and all versions of 13.1.x and 12.1.x, when IPSec is configured on a BIG-IP system, undisclosed requests from an authorized remote (IPSec) peer, which already has a negotiated Security Association,… | ||
| CVE-2021-23035 | Hig | 0.49 | 7.5 | 0.01 | Sep 14, 2021 | On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support… | ||
| CVE-2021-23034 | Hig | 0.49 | 7.5 | 0.01 | Sep 14, 2021 | On BIG-IP version 16.x before 16.1.0 and 15.1.x before 15.1.3.1, when a DNS profile using a DNS cache resolver is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have… | ||
| CVE-2021-23033 | Hig | 0.49 | 7.5 | 0.01 | Sep 14, 2021 | On BIG-IP Advanced WAF and BIG-IP ASM version 16.x before 16.1.0x, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate.… | ||
| CVE-2021-23032 | Hig | 0.49 | 7.5 | 0.01 | Sep 14, 2021 | On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a BIG-IP DNS system is configured with non-default Wide IP and pool settings, undisclosed DNS responses can cause the Traffic Management Microkernel (TMM)… |
- risk 0.51cvss 7.8epss 0.05
Microsoft Office Visio Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.05
Microsoft Office Visio Remote Code Execution Vulnerability
- risk 0.49cvss 7.6epss 0.01
Microsoft SharePoint Server Spoofing Vulnerability
- risk 0.49cvss 7.6epss 0.01
Microsoft SharePoint Server Spoofing Vulnerability
- risk 0.50cvss 7.6epss 0.01
Microsoft Office Spoofing Vulnerability
- risk 0.58cvss 7.0epss 0.02
Open Management Infrastructure Elevation of Privilege Vulnerability
- risk 0.67cvss 7.8epss 0.11
Open Management Infrastructure Elevation of Privilege Vulnerability
- risk 0.69cvss 7.8epss 0.04
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
- risk 0.63cvss 7.8epss 0.02
Open Management Infrastructure Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.02
Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.01
Win32k Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.00
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- risk 0.46cvss 7.1epss 0.01
Microsoft Windows Update Client Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.00
Windows Event Tracing Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.00
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.00
Windows Kernel Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.00
Windows Kernel Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Win32k Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.00
Windows SMB Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.00
Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.00
Windows DNS Elevation of Privilege Vulnerability
- risk 0.52cvss 8.0epss 0.01
Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.00
Windows Subsystem for Linux Elevation of Privilege Vulnerability
- risk 0.58cvss 8.8epss 0.04
Windows WLAN AutoConfig Service Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.00
Windows Event Tracing Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- risk 0.49cvss 7.5epss 0.03
Windows SMB Information Disclosure Vulnerability
- risk 0.69cvss 7.8epss 0.03
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- risk 0.57cvss 8.8epss 0.00
Windows Bind Filter Driver Elevation of Privilege Vulnerability
- risk 0.55cvss 7.8epss 0.54
Visual Studio Remote Code Execution Vulnerability
- risk 0.53cvss 8.1epss 0.05
Windows Scripting Engine Memory Corruption Vulnerability
- risk 0.51cvss 7.8epss 0.01
Visual Studio Elevation of Privilege Vulnerability
- risk 0.57cvss 8.8epss 0.01
Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users.
- risk 0.57cvss 8.8epss 0.01
Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines.
- risk 0.49cvss 7.5epss 0.01
A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read.
- risk 0.00cvss 7.8epss 0.02
vim is vulnerable to Heap-based Buffer Overflow
- risk 0.42cvss 7.5epss 0.01
nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity
- risk 0.00cvss 7.5epss 0.01
adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag
- risk 0.57cvss 8.8epss 0.01
On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software…
- risk 0.57cvss 8.8epss 0.00
BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.…
- risk 0.49cvss 7.5epss 0.01
On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate.…
- risk 0.49cvss 7.5epss 0.01
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server,…
- risk 0.57cvss 8.8epss 0.02
On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. Note: Software versions which have reached End of…
- risk 0.49cvss 7.5epss 0.01
On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe profile are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not…
- risk 0.49cvss 7.5epss 0.01
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.2.8, and all versions of 13.1.x and 12.1.x, when IPSec is configured on a BIG-IP system, undisclosed requests from an authorized remote (IPSec) peer, which already has a negotiated Security Association,…
- risk 0.49cvss 7.5epss 0.01
On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support…
- risk 0.49cvss 7.5epss 0.01
On BIG-IP version 16.x before 16.1.0 and 15.1.x before 15.1.3.1, when a DNS profile using a DNS cache resolver is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have…
- risk 0.49cvss 7.5epss 0.01
On BIG-IP Advanced WAF and BIG-IP ASM version 16.x before 16.1.0x, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate.…
- risk 0.49cvss 7.5epss 0.01
On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a BIG-IP DNS system is configured with non-default Wide IP and pool settings, undisclosed DNS responses can cause the Traffic Management Microkernel (TMM)…