Skip to main content
CVE-2021-38088 HIGH This Week

Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-38086 HIGH This Week

Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-37841 HIGH This Week

Docker Desktop before 3.6.0 suffers from incorrect access control. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Docker Microsoft Information Disclosure Desktop
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-26429 HIGH PATCH This Week

Azure Sphere Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.7).

Microsoft Information Disclosure Azure Sphere
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2021-36940 HIGH PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
7.6
EPSS
3.6%
CVE-2021-33056 HIGH PATCH This Week

Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Denial Of Service Belle Sip
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-36933 HIGH PATCH This Week

Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-36932 HIGH PATCH This Week

Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-36926 HIGH PATCH This Week

Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-26433 HIGH PATCH This Week

Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2021-26423 HIGH PATCH This Week

.NET Core and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Net Net Core Powershell Core Visual Studio 2017 +1
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2021-38599 HIGH PATCH This Week

WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Wal G
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-38593 HIGH PATCH This Week

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Qt Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-38592 HIGH This Week

Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from EvaluateExpression and m3_LoadModule). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Wasm3
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-37655 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2021-36945 HIGH PATCH This Week

Windows 10 Update Assistant Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Update Assistant
NVD
CVSS 3.1
7.3
EPSS
1.7%
CVE-2021-37682 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-37664 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-37654 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-37641 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-37635 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-37643 HIGH PATCH This Week

TensorFlow is an end-to-end open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-36949 HIGH PATCH This Week

Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability. Rated high severity (CVSS 7.1). This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Microsoft Authentication Bypass Azure Active Directory Connect Azure Active Directory Connect Provisioning Agent
NVD
CVSS 3.1
7.1
EPSS
1.2%
CVE-2021-34487 HIGH PATCH This Week

Windows Event Tracing Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2021-33762 HIGH PATCH This Week

Azure CycleCloud Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Azure Cyclecloud
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2021-26426 HIGH PATCH This Week

Windows User Account Profile Picture Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.1
7.0
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy