The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2021-38675 | A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later | LOW | Oct 4, 2021 | n/a |
| CVE-2021-38674 | A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero h4.5.4.1771 build 20210825 and later QTS 4.5.4.1787 build 20210910 and later QuTScloud c4.5.7.1864 and later | MEDIUM | Jan 7, 2022 | n/a |
| CVE-2021-38672 | Windows Hyper-V Remote Code Execution Vulnerability | MEDIUM | Oct 13, 2021 | n/a |
| CVE-2021-38671 | Windows Print Spooler Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-38669 | Microsoft Edge (Chromium-based) Tampering Vulnerability | HIGH | Sep 15, 2021 | n/a |
| CVE-2021-38667 | Windows Print Spooler Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-38666 | Remote Desktop Client Remote Code Execution Vulnerability | MEDIUM | Nov 10, 2021 | n/a |
| CVE-2021-38665 | Remote Desktop Protocol Client Information Disclosure Vulnerability | MEDIUM | Nov 10, 2021 | n/a |
| CVE-2021-38663 | Windows exFAT File System Information Disclosure Vulnerability | LOW | Oct 13, 2021 | n/a |
| CVE-2021-38662 | Windows Fast FAT File System Driver Information Disclosure Vulnerability | MEDIUM | Oct 13, 2021 | n/a |
| CVE-2021-38661 | HEVC Video Extensions Remote Code Execution Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-38660 | Microsoft Office Graphics Remote Code Execution Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-38659 | Microsoft Office Graphics Remote Code Execution Vulnerability | MEDIUM | Sep 16, 2021 | n/a |
| CVE-2021-38658 | Microsoft Office Graphics Remote Code Execution Vulnerability | MEDIUM | Sep 16, 2021 | n/a |
| CVE-2021-38657 | Microsoft Office Graphics Component Information Disclosure Vulnerability | LOW | Sep 15, 2021 | n/a |
| CVE-2021-38656 | Microsoft Word Remote Code Execution Vulnerability | MEDIUM | Sep 16, 2021 | n/a |
| CVE-2021-38655 | Microsoft Excel Remote Code Execution Vulnerability | MEDIUM | Sep 16, 2021 | n/a |
| CVE-2021-38654 | Microsoft Office Visio Remote Code Execution Vulnerability | MEDIUM | Sep 16, 2021 | n/a |
| CVE-2021-38653 | Microsoft Office Visio Remote Code Execution Vulnerability | MEDIUM | Sep 16, 2021 | n/a |
| CVE-2021-38652 | Microsoft SharePoint Server Spoofing Vulnerability | LOW | Sep 15, 2021 | n/a |
| CVE-2021-38651 | Microsoft SharePoint Server Spoofing Vulnerability | LOW | Sep 15, 2021 | n/a |
| CVE-2021-38650 | Microsoft Office Spoofing Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-38649 | Open Management Infrastructure Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-38648 | Open Management Infrastructure Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-38647 | Open Management Infrastructure Remote Code Execution Vulnerability | HIGH | Sep 15, 2021 | n/a |
| CVE-2021-38646 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-38645 | Open Management Infrastructure Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-38644 | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-38642 | Microsoft Edge for iOS Spoofing Vulnerability | MEDIUM | Sep 3, 2021 | n/a |
| CVE-2021-38641 | Microsoft Edge for Android Spoofing Vulnerability | MEDIUM | Sep 3, 2021 | n/a |
| CVE-2021-38639 | Win32k Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-38638 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-38637 | Windows Storage Information Disclosure Vulnerability | LOW | Sep 15, 2021 | n/a |
| CVE-2021-38636 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | LOW | Sep 15, 2021 | n/a |
| CVE-2021-38635 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | LOW | Sep 15, 2021 | n/a |
| CVE-2021-38634 | Microsoft Windows Update Client Elevation of Privilege Vulnerability | HIGH | Sep 16, 2021 | n/a |
| CVE-2021-38633 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-38632 | BitLocker Security Feature Bypass Vulnerability | LOW | Sep 15, 2021 | n/a |
| CVE-2021-38631 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | LOW | Nov 12, 2021 | n/a |
| CVE-2021-38630 | Windows Event Tracing Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-38629 | Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-38628 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-38626 | Windows Kernel Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-38625 | Windows Kernel Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-38624 | Windows Key Storage Provider Security Feature Bypass Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-38623 | The deferred_image_processing (aka Deferred image processing) extension before 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption. | MEDIUM | Aug 13, 2021 | n/a |
| CVE-2021-38621 | The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index.ts in netless Agora Flat Server before 2021-07-30 mishandles file ownership. | MEDIUM | Aug 13, 2021 | n/a |
| CVE-2021-38619 | openBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an unauthenticated remote attacker can conduct a stored cross-site scripting (XSS) attack against an administrative user from hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view=). | MEDIUM | Aug 13, 2021 | n/a |
| CVE-2021-38618 | In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone (who knows a user\'s credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement. | MEDIUM | Oct 4, 2021 | n/a |
| CVE-2021-38617 | In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation. | MEDIUM | Sep 7, 2021 | n/a |
