The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2021-36973 | Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-36972 | Windows SMB Information Disclosure Vulnerability | LOW | Sep 15, 2021 | n/a |
| CVE-2021-36970 | Windows Print Spooler Spoofing Vulnerability | MEDIUM | Oct 13, 2021 | n/a |
| CVE-2021-36969 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | LOW | Sep 15, 2021 | n/a |
| CVE-2021-36968 | Windows DNS Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-36967 | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-36966 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-36965 | Windows WLAN AutoConfig Service Remote Code Execution Vulnerability | HIGH | Sep 15, 2021 | n/a |
| CVE-2021-36964 | Windows Event Tracing Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-36963 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-36962 | Windows Installer Information Disclosure Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-36961 | Windows Installer Denial of Service Vulnerability | LOW | Sep 16, 2021 | n/a |
| CVE-2021-36960 | Windows SMB Information Disclosure Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-36959 | Windows Authenticode Spoofing Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-36958 | <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> | HIGH | Aug 12, 2021 | n/a |
| CVE-2021-36957 | Windows Desktop Bridge Elevation of Privilege Vulnerability | MEDIUM | Nov 10, 2021 | n/a |
| CVE-2021-36956 | Azure Sphere Information Disclosure Vulnerability | LOW | Sep 15, 2021 | n/a |
| CVE-2021-36955 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-36954 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-36953 | Windows TCP/IP Denial of Service Vulnerability | MEDIUM | Oct 13, 2021 | n/a |
| CVE-2021-36952 | Visual Studio Remote Code Execution Vulnerability | MEDIUM | Sep 16, 2021 | n/a |
| CVE-2021-36950 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | LOW | Aug 12, 2021 | n/a |
| CVE-2021-36949 | Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | MEDIUM | Aug 12, 2021 | n/a |
| CVE-2021-36948 | Windows Update Medic Service Elevation of Privilege Vulnerability | MEDIUM | Aug 12, 2021 | n/a |
| CVE-2021-36947 | Windows Print Spooler Remote Code Execution Vulnerability | MEDIUM | Aug 12, 2021 | n/a |
| CVE-2021-36946 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | LOW | Aug 12, 2021 | n/a |
| CVE-2021-36945 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | MEDIUM | Aug 12, 2021 | n/a |
| CVE-2021-36943 | Azure CycleCloud Elevation of Privilege Vulnerability | MEDIUM | Aug 12, 2021 | n/a |
| CVE-2021-36942 | Windows LSA Spoofing Vulnerability | MEDIUM | Aug 12, 2021 | n/a |
| CVE-2021-36941 | Microsoft Word Remote Code Execution Vulnerability | MEDIUM | Aug 12, 2021 | n/a |
| CVE-2021-36940 | Microsoft SharePoint Server Spoofing Vulnerability | MEDIUM | Aug 12, 2021 | n/a |
| CVE-2021-36938 | Windows Cryptographic Primitives Library Information Disclosure Vulnerability | LOW | Aug 12, 2021 | n/a |
| CVE-2021-36937 | Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | MEDIUM | Aug 12, 2021 | n/a |
| CVE-2021-36936 | Windows Print Spooler Remote Code Execution Vulnerability | HIGH | Aug 12, 2021 | n/a |
| CVE-2021-36934 | <p>An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker must have the ability to execute code on a victim system to exploit this vulnerability.</p> <p>After installing this security update, you <em>must</em> manually delete all shadow copies of system files, including the SAM database, to fully mitigate this vulnerabilty. <strong>Simply installing this security update will not fully mitigate this vulnerability.</strong> See <a href=https://support.microsoft.com/topic/1ceaa637-aaa3-4b58-a48b-baf72a2fa9e7>KB5005357- Delete Volume Shadow Copies</a>.</p> | MEDIUM | Jul 22, 2021 | n/a |
| CVE-2021-36933 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | MEDIUM | Aug 12, 2021 | n/a |
| CVE-2021-36932 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | MEDIUM | Aug 12, 2021 | n/a |
| CVE-2021-36931 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | MEDIUM | Aug 26, 2021 | n/a |
| CVE-2021-36930 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | MEDIUM | Sep 3, 2021 | n/a |
| CVE-2021-36929 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | MEDIUM | Aug 26, 2021 | n/a |
| CVE-2021-36928 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | HIGH | Aug 26, 2021 | n/a |
| CVE-2021-36927 | Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability | MEDIUM | Aug 12, 2021 | n/a |
| CVE-2021-36926 | Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | MEDIUM | Aug 12, 2021 | n/a |
| CVE-2021-36925 | RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve an arbitrary read or write operation from/to physical memory (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. | HIGH | Nov 2, 2021 | n/a |
| CVE-2021-36924 | RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve a pool overflow (leading to Escalation of Privileges, Denial of Service, and Code Execution) via a crafted Device IO Control packet to a device. | HIGH | Nov 2, 2021 | n/a |
| CVE-2021-36923 | RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. | HIGH | Nov 2, 2021 | n/a |
| CVE-2021-36922 | RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB devices (Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. | HIGH | Nov 2, 2021 | n/a |
| CVE-2021-36921 | AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 has Improper Authentication. An attacker can gain administrative access by modifying the response to an authentication check request. | MEDIUM | Aug 12, 2021 | n/a |
| CVE-2021-36920 | Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6). | LOW | Jan 14, 2022 | n/a |
| CVE-2021-36919 | Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee). | LOW | Nov 26, 2021 | n/a |
