The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2021-41456 | There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability. | MEDIUM | Oct 7, 2021 |
| CVE-2021-41428 | Insecure permissions in Update Manager <= 5.8.0.2300 and DFL <= 12.5.1001.5 in DATEV programs v14.1 allows attacker to escalate privileges via insufficient configuration of service components. | HIGH | Sep 23, 2021 |
| CVE-2021-41395 | Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username. | MEDIUM | Sep 20, 2021 |
| CVE-2021-41394 | Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations. | MEDIUM | Sep 20, 2021 |
| CVE-2021-41393 | Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations. | HIGH | Sep 20, 2021 |
| CVE-2021-41392 | static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API. | HIGH | Sep 17, 2021 |
| CVE-2021-41391 | In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover. | LOW | Sep 17, 2021 |
| CVE-2021-41390 | In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection. | MEDIUM | Sep 17, 2021 |
| CVE-2021-41387 | seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. | HIGH | Sep 17, 2021 |
| CVE-2021-41385 | The third party intelligence connector in Securonix SNYPR 6.3.1 Build 184295_0302 allows an authenticated user to obtain access to server configuration details via SSRF. | MEDIUM | Oct 5, 2021 |
| CVE-2021-41383 | setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_server field. | HIGH | Sep 17, 2021 |
| CVE-2021-41382 | Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface. | MEDIUM | Sep 22, 2021 |
| CVE-2021-41381 | Payara Micro Community 5.2021.6 and below allows Directory Traversal. | MEDIUM | Sep 23, 2021 |
| CVE-2021-41380 | RealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of service (application crash) via crafted RFB protocol data. | MEDIUM | Sep 17, 2021 |
| CVE-2021-41363 | Intune Management Extension Security Feature Bypass Vulnerability | -- | Oct 13, 2021 |
| CVE-2021-41361 | Active Directory Federation Server Spoofing Vulnerability | -- | Oct 13, 2021 |
| CVE-2021-41357 | Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40449, CVE-2021-40450. | -- | Oct 13, 2021 |
| CVE-2021-41355 | .NET Core and Visual Studio Information Disclosure Vulnerability | -- | Oct 13, 2021 |
| CVE-2021-41354 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | -- | Oct 13, 2021 |
| CVE-2021-41353 | Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | -- | Oct 13, 2021 |
| CVE-2021-41352 | SCOM Information Disclosure Vulnerability | -- | Oct 13, 2021 |
| CVE-2021-41350 | Microsoft Exchange Server Spoofing Vulnerability | -- | Oct 13, 2021 |
| CVE-2021-41348 | Microsoft Exchange Server Elevation of Privilege Vulnerability | -- | Oct 13, 2021 |
| CVE-2021-41347 | Windows AppX Deployment Service Elevation of Privilege Vulnerability | -- | Oct 14, 2021 |
| CVE-2021-41346 | Console Window Host Security Feature Bypass Vulnerability | -- | Oct 13, 2021 |
| CVE-2021-41345 | Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-40489. | -- | Oct 14, 2021 |
| CVE-2021-41344 | Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40487. | -- | Oct 13, 2021 |
| CVE-2021-41343 | Windows Fast FAT File System Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-38662. | -- | Oct 13, 2021 |
| CVE-2021-41342 | Windows MSHTML Platform Remote Code Execution Vulnerability | -- | Oct 13, 2021 |
| CVE-2021-41340 | Windows Graphics Component Remote Code Execution Vulnerability | -- | Oct 13, 2021 |
| CVE-2021-41339 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | -- | Oct 13, 2021 |
| CVE-2021-41338 | Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability | -- | Oct 13, 2021 |
| CVE-2021-41337 | Active Directory Security Feature Bypass Vulnerability | -- | Oct 13, 2021 |
| CVE-2021-41336 | Windows Kernel Information Disclosure Vulnerability | -- | Oct 13, 2021 |
| CVE-2021-41335 | Windows Kernel Elevation of Privilege Vulnerability | -- | Oct 13, 2021 |
| CVE-2021-41334 | Windows Desktop Bridge Elevation of Privilege Vulnerability | -- | Oct 13, 2021 |
| CVE-2021-41332 | Windows Print Spooler Information Disclosure Vulnerability | -- | Oct 13, 2021 |
| CVE-2021-41331 | Windows Media Audio Decoder Remote Code Execution Vulnerability | -- | Oct 13, 2021 |
| CVE-2021-41330 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | -- | Oct 13, 2021 |
| CVE-2021-41329 | Datalust Seq before 2021.2.6259 allows users (with view filters applied to their accounts) to see query results not constrained by their view filter. This information exposure, caused by an internal cache key collision, occurs when the user\'s view filter includes an array or IN clause, and when another user has recently executed an identical query differing only by the array elements. | MEDIUM | Oct 6, 2021 |
| CVE-2021-41326 | In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call. | HIGH | Sep 17, 2021 |
| CVE-2021-41325 | Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin permissions via the Roles parameter.) | MEDIUM | Oct 7, 2021 |
| CVE-2021-41324 | Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes parameter (for Copy and Move) or via the Path parameter (for Delete). | MEDIUM | Oct 7, 2021 |
| CVE-2021-41323 | Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter. | MEDIUM | Oct 7, 2021 |
| CVE-2021-41322 | Poly VVX 400/410 through 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process. | MEDIUM | Oct 4, 2021 |
| CVE-2021-41320 | A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with higher privilege than the average authenticated user. | -- | Oct 15, 2021 |
| CVE-2021-41318 | In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input. which could allow an unauthenticated attacker to execute arbitrary code in a victim\'s browser. | MEDIUM | Oct 7, 2021 |
| CVE-2021-41317 | XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths. | HIGH | Sep 17, 2021 |
| CVE-2021-41316 | The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker (with permissions to add or edit jobs run by this utility) can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector. | HIGH | Sep 17, 2021 |
| CVE-2021-41315 | The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker (with access to the console application) to execute arbitrary OS commands and escalate privileges. | HIGH | Sep 17, 2021 |
