Skip to main content
CVE-2021-36948 HIGH KEV PATCH THREAT This Week

Windows Update Medic Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1809 Windows 10 1909 Windows 10 2004 +5
NVD
CVSS 3.1
7.8
EPSS
19.9%
CVE-2021-36941 HIGH PATCH This Week

Microsoft Word Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Office
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-36937 HIGH PATCH This Week

Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-36927 HIGH PATCH This Week

Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 7 Windows 8 1 Windows Rt 8 1 +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-34537 HIGH PATCH This Week

Windows Bluetooth Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-34536 HIGH PATCH This Week

Storage Spaces Controller Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-34533 HIGH PATCH This Week

Windows Graphics Component Font Parsing Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2021-34530 HIGH PATCH This Week

Windows Graphics Component Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2021-34486 HIGH KEV PATCH THREAT This Week

Windows Event Tracing Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Memory Corruption Information Disclosure Windows 10 1809 +7
NVD
CVSS 3.1
7.8
EPSS
7.4%
CVE-2021-34484 HIGH KEV PATCH THREAT This Week

Windows User Profile Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
14.4%
CVE-2021-34483 HIGH PATCH This Week

Windows Print Spooler Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-34478 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Office
NVD
CVSS 3.1
7.8
EPSS
54.4%
CVE-2021-34471 HIGH PATCH This Week

Microsoft Windows Defender Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Malware Protection Engine
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-26431 HIGH PATCH This Week

Windows Recovery Environment Agent Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-26425 HIGH PATCH This Week

Windows Event Tracing Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-27794 HIGH This Week

A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fabric Operating System
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-27792 HIGH This Week

The request handling functions in web management interface of Brocade Fabric OS versions before v9.0.1a, v8.2.3a, and v7.4.2h do not properly handle malformed user input, resulting in a service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Fabric Operating System
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-27790 HIGH This Week

The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Fabric Operating System
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-38088 HIGH This Week

Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-38086 HIGH This Week

Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-37841 HIGH This Week

Docker Desktop before 3.6.0 suffers from incorrect access control. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Docker Microsoft Information Disclosure Desktop
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-26429 HIGH PATCH This Week

Azure Sphere Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.7).

Microsoft Information Disclosure Azure Sphere
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2021-36940 HIGH PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
7.6
EPSS
3.6%
CVE-2021-33056 HIGH PATCH This Week

Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Denial Of Service Belle Sip
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-36933 HIGH PATCH This Week

Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-36932 HIGH PATCH This Week

Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-36926 HIGH PATCH This Week

Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-26433 HIGH PATCH This Week

Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2021-26423 HIGH PATCH This Week

.NET Core and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Net Net Core Powershell Core Visual Studio 2017 +1
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2021-38599 HIGH PATCH This Week

WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Wal G
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-38593 HIGH PATCH This Week

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Qt Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-38592 HIGH This Week

Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from EvaluateExpression and m3_LoadModule). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Wasm3
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-37655 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2021-36945 HIGH PATCH This Week

Windows 10 Update Assistant Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Update Assistant
NVD
CVSS 3.1
7.3
EPSS
1.7%
CVE-2021-37682 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-37664 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-37654 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-37641 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-37635 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-37643 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-36949 HIGH PATCH This Week

Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability. Rated high severity (CVSS 7.1). This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Microsoft Authentication Bypass Azure Active Directory Connect Azure Active Directory Connect Provisioning Agent
NVD
CVSS 3.1
7.1
EPSS
1.2%
CVE-2021-34487 HIGH PATCH This Week

Windows Event Tracing Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2021-33762 HIGH PATCH This Week

Azure CycleCloud Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Azure Cyclecloud
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2021-26426 HIGH PATCH This Week

Windows User Account Profile Picture Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.1
7.0
EPSS
0.6%
CVE-2021-34534 MEDIUM PATCH This Month

Windows MSHTML Platform Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Microsoft RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.8
EPSS
1.9%
CVE-2021-34480 MEDIUM PATCH This Month

Scripting Engine Memory Corruption Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.8
EPSS
31.8%
CVE-2021-38087 MEDIUM This Month

Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cyber Protect
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-37699 MEDIUM PATCH This Month

Next.js is an open source website development framework to be used with the React library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Next Js
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-26430 MEDIUM PATCH This Month

Azure Sphere Denial of Service Vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Microsoft Denial Of Service Azure Sphere
NVD
CVSS 3.1
6.0
EPSS
0.6%
CVE-2021-38597 MEDIUM PATCH This Month

wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Wolfssl
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy