Filtered by CWE-269
Total 2093 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-1653 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 7.8 High
Windows CSC Service Elevation of Privilege Vulnerability
CVE-2021-1652 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 7.8 High
Windows CSC Service Elevation of Privilege Vulnerability
CVE-2021-1651 1 Microsoft 14 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 11 more 2024-11-21 7.8 High
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
CVE-2021-1650 1 Microsoft 16 Windows 10, Windows 10 1507, Windows 10 1607 and 13 more 2024-11-21 7.8 High
Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
CVE-2021-1649 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 7.8 High
Active Template Library Elevation of Privilege Vulnerability
CVE-2021-1648 1 Microsoft 16 Windows 10, Windows 10 1507, Windows 10 1607 and 13 more 2024-11-21 7.8 High
Microsoft splwow64 Elevation of Privilege Vulnerability
CVE-2021-1646 1 Microsoft 10 Windows 10, Windows 10 1803, Windows 10 1809 and 7 more 2024-11-21 6.6 Medium
Windows WLAN Service Elevation of Privilege Vulnerability
CVE-2021-1642 1 Microsoft 11 Windows 10, Windows 10 1607, Windows 10 1803 and 8 more 2024-11-21 7.8 High
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
CVE-2021-1640 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 7.8 High
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2021-1579 1 Cisco 2 Application Policy Infrastructure Controller, Cloud Application Policy Infrastructure Controller 2024-11-21 8.1 High
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. This vulnerability is due to insufficient role-based access control (RBAC). An attacker with Administrator read-only credentials could exploit this vulnerability by sending a specific API request using an app with admin write credentials. A successful exploit could allow the attacker to elevate privileges to Administrator with write privileges on the affected device.
CVE-2021-1572 1 Cisco 2 Confd, Network Services Orchestrator 2024-11-21 7.8 High
A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which ConfD is running, which is commonly root. Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all ConfD users have this access if the server is enabled. Software updates that address this vulnerability have been released.
CVE-2021-1447 1 Cisco 1 Content Security Management Appliance 2024-11-21 6.7 Medium
A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges to root. This vulnerability is due to a procedural flaw in the password generation algorithm. An attacker could exploit this vulnerability by enabling specific Administrator-only features and connecting to the appliance through the CLI with elevated privileges. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. To exploit this vulnerability, the attacker must have valid Administrator credentials.
CVE-2021-1416 1 Cisco 1 Identity Services Engine 2024-11-21 6.5 Medium
Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2021-1401 1 Cisco 12 Wap125, Wap125 Firmware, Wap131 and 9 more 2024-11-21 8.8 High
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2021-1400 1 Cisco 12 Wap125, Wap125 Firmware, Wap131 and 9 more 2024-11-21 8.8 High
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2021-1388 1 Cisco 2 Aci Multi-site Orchestrator, Application Policy Infrastructure Controller 2024-11-21 10 Critical
A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint. An attacker could exploit this vulnerability by sending a crafted request to the affected API. A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices.
CVE-2021-1371 1 Cisco 17 1100 Integrated Services Router, 1101 Integrated Services Router, 1109 Integrated Services Router and 14 more 2024-11-21 6.6 Medium
A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This vulnerability occurs because the default configuration is applied for console authentication and authorization. An attacker could exploit this vulnerability by connecting to the console port and authenticating as a read-only user. A successful exploit could allow a user with read-only permissions to access administrative privileges.
CVE-2021-1258 3 Cisco, Mcafee, Microsoft 3 Anyconnect Secure Mobility Client, Agent Epolicy Orchestrator Extension, Windows 2024-11-21 5.5 Medium
A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability.
CVE-2021-1118 1 Nvidia 1 Virtual Gpu 2024-11-21 7.8 High
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information disclosure, data tampering, escalation of privileges, and denial of service.
CVE-2021-1051 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2024-11-21 8.4 High
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a local user can get elevated privileges to modify display configuration data, which may result in denial of service of the display.