Skip to main content
CVE-2021-28321 HIGH PATCH This Week

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Visual Studio Visual Studio 2017 Visual Studio 2019 Windows 10 +2
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-28320 HIGH PATCH This Week

Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-28315 HIGH PATCH This Week

Windows Media Video Decoder Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2021-28314 HIGH PATCH This Week

Windows Hyper-V Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-28313 HIGH PATCH This Week

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Visual Studio Visual Studio 2017 Visual Studio 2019 Windows 10 +2
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-28310 HIGH KEV PATCH THREAT This Week

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Windows 10 1803 Windows 10 1809 Windows 10 1909 +6
NVD
CVSS 3.1
7.8
EPSS
8.3%
CVE-2021-27096 HIGH PATCH This Week

NTFS Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-27095 HIGH PATCH This Week

Windows Media Video Decoder Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2021-27091 HIGH PATCH This Week

RPC Endpoint Mapper Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 7 Windows Server 2008 Windows Server 2012
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-27090 HIGH PATCH This Week

Windows Secure Kernel Mode Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-27089 HIGH PATCH This Week

Microsoft Internet Messaging API Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2021-27088 HIGH PATCH This Week

Windows Event Tracing Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-27086 HIGH PATCH This Week

Windows Services and Controller App Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Microsoft Authentication Bypass Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-27064 HIGH PATCH This Week

Visual Studio Installer Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Visual Studio 2017 Visual Studio 2019
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-26415 HIGH PATCH This Week

Windows Installer Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2021-22718 HIGH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal C Bus Toolkit
NVD
CVSS 3.1
7.8
EPSS
27.2%
CVE-2021-22716 HIGH This Week

A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could allow remote code execution when an unprivileged user modifies a file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE C Bus Toolkit
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-0445 HIGH This Week

In start of WelcomeActivity.java, there is a possible residual profile due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0442 HIGH PATCH This Week

In updateInfo of android_hardware_input_InputApplicationHandle.cpp, there is a possible control of code flow due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Memory Corruption Use After Free Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0439 HIGH PATCH This Week

In setPowerModeWithHandle of com_android_server_power_PowerManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0438 HIGH PATCH This Week

In several functions of InputDispatcher.cpp, WindowManagerService.java, and related files, there is a possible tapjacking attack due to an incorrect FLAG_OBSCURED value. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0437 HIGH PATCH This Week

In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0429 HIGH PATCH This Week

In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Google Privilege Escalation Memory Corruption Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0427 HIGH PATCH This Week

In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0426 HIGH PATCH This Week

In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-28647 HIGH This Week

Trend Micro Password Manager version 5 (Consumer) is vulnerable to a DLL Hijacking vulnerability which could allow an attacker to inject a malicious DLL file during the installation progress and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Code Injection Password Manager
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-28645 HIGH This Week

An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One Officescan
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-25253 HIGH This Week

An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One Officescan
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2021-25250 HIGH This Week

An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-26416 HIGH PATCH This Week

Windows Hyper-V Denial of Service Vulnerability. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.7
EPSS
3.9%
CVE-2021-28439 HIGH PATCH This Week

Windows TCP/IP Driver Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.5
EPSS
6.1%
CVE-2021-28324 HIGH PATCH This Week

Windows SMB Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
7.5
EPSS
6.2%
CVE-2021-28319 HIGH PATCH This Week

Windows TCP/IP Driver Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.5
EPSS
9.4%
CVE-2021-23372 HIGH This Week

All versions of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mongo Express
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-0435 HIGH PATCH This Week

In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-0431 HIGH PATCH This Week

In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-29262 HIGH PATCH This Week

When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Solr
NVD
CVSS 3.1
7.5
EPSS
7.8%
CVE-2021-0446 HIGH PATCH This Week

In ImportVCardActivity, there is a possible way to bypass user consent due to a tapjacking/overlay attack. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2021-29439 HIGH This Week

The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Grav Admin
NVD GitHub
CVSS 3.1
7.2
EPSS
2.6%
CVE-2021-28452 HIGH PATCH This Week

Microsoft Outlook Memory Corruption Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption 365 Apps Office +1
NVD
CVSS 3.1
7.1
EPSS
1.3%
CVE-2021-28446 HIGH PATCH This Week

Windows Portmapping Information Disclosure Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2021-28477 HIGH PATCH This Week

Visual Studio Code Remote Code Execution Vulnerability. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Visual Studio Code
NVD
CVSS 3.1
7.0
EPSS
2.3%
CVE-2021-28440 HIGH PATCH This Week

Windows Installer Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.0
EPSS
0.6%
CVE-2021-27072 HIGH PATCH This Week

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 Windows Server 2012 +2
NVD
CVSS 3.1
7.0
EPSS
0.6%
CVE-2021-0432 HIGH PATCH This Week

In ClearPullerCacheIfNecessary and ForceClearPullerCache of StatsPullerManager.cpp, there is a possible use-after-free due to a race condition. Rated high severity (CVSS 7.0).

Google Privilege Escalation Race Condition Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2021-29437 MEDIUM PATCH This Month

ScratchOAuth2 is an Oauth implementation for Scratch. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Scratchoauth2
NVD GitHub
CVSS 3.1
6.8
EPSS
0.8%
CVE-2021-27092 MEDIUM PATCH This Month

Azure AD Web Sign-in Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.8
EPSS
2.6%
CVE-2021-0468 MEDIUM This Month

In LK, there is a possible escalation of privilege due to an insecure default value. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2021-29435 MEDIUM PATCH This Month

trestle-auth is an authentication plugin for the Trestle admin framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Trestle Auth
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-28442 MEDIUM PATCH This Month

Windows TCP/IP Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.5
EPSS
6.5%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy