Microsoft Exchange Server Remote Code Execution Vulnerability
Identifier: CVE-2021-26427
Exploit or POC: No.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26427
Description: CVE-2021-26427 allows an attacker to remotely execute code on a vulnerable Exchange server.
Mitigation recommendation: Patching is currently the only method of mitigation.
Windows Print Spooler Spoofing Vulnerability
Identifier: CVE-2021-36970
Exploit or POC: No.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36970
Description: CVE-2021-36970 allows an attacker to exploit the vulnerable Print Spooler component.
Mitigation recommendation: Patching is currently the only method of mitigation.
Microsoft SharePoint Server Remote Code Execution Vulnerability
Identifier: CVE-2021-40487, CVE-2021-41344
Exploit or POC: No.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41344
Description: CVE-2021-40487 and CVE-2021-41344 allow an attacker to remotely execute code on vulnerable SharePoint servers.
Mitigation recommendation: Patching is currently the only method of mitigation.
Microsoft Exchange Server Elevation of Privilege Vulnerability
Identifier: CVE-2021-41348
Exploit or POC: No.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41348
Description: CVE-2021-41348 allows an attacker to escalate privileges on vulnerable Exchange servers.
Mitigation recommendation: Patching is currently the only method of mitigation.
Windows Hyper-V Remote Code Execution Vulnerability
Identifier: CVE-2021-40461, CVE-2021-38672
Exploit or POC: No.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38672
Description: CVE-2021-38672 and CVE-2021-40461 allow an attacker to remotely execute code on vulnerable Hyper-V deployments.
Mitigation recommendation: Patching is currently the only method of mitigation.
Windows Nearby Sharing Elevation of Privilege Vulnerability
Identifier: CVE-2021-40464
Exploit or POC: No.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40464
Description: CVE-2021-40464 allows an attacker to elevate privileges on a host with a vulnerable "Nearby Sharing" component.
Mitigation recommendation: Patching is currently the only method of mitigation.

| Vulnerability | Exploited | CVSS v3 | CVE |
| --- | --- | --- | --- |
| Microsoft Exchange Server Remote Code Execution Vulnerability | No | 9 | CVE-2021-26427 |
| Windows Print Spooler Spoofing Vulnerability | No | 8.8 | CVE-2021-36970 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | No | 8.1 | CVE-2021-40487 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | No | 8.1 | CVE-2021-41344 |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | No | 8 | CVE-2021-41348 |
| Windows Hyper-V Remote Code Execution Vulnerability | No | 8 | CVE-2021-40461 |
| Windows Hyper-V Remote Code Execution Vulnerability | No | 8 | CVE-2021-38672 |
| Windows Nearby Sharing Elevation of Privilege Vulnerability | No | 8 | CVE-2021-40464 |
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | No | 7.8 | CVE-2021-40470 |
| Microsoft Excel Remote Code Execution Vulnerability | No | 7.8 | CVE-2021-40471 |
| Microsoft Excel Remote Code Execution Vulnerability | No | 7.8 | CVE-2021-40473 |
| Microsoft Excel Remote Code Execution Vulnerability | No | 7.8 | CVE-2021-40474 |
| Microsoft Excel Remote Code Execution Vulnerability | No | 7.8 | CVE-2021-40479 |
| Microsoft Excel Remote Code Execution Vulnerability | No | 7.8 | CVE-2021-40485 |
| Microsoft Office Visio Remote Code Execution Vulnerability | No | 7.8 | CVE-2021-40480 |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | No | 7.8 | CVE-2021-41330 |
| Microsoft Word Remote Code Execution Vulnerability | No | 7.8 | CVE-2021-40486 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | No | 7.8 | CVE-2021-26441 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | No | 7.8 | CVE-2021-40478 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | No | 7.8 | CVE-2021-40488 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | No | 7.8 | CVE-2021-40489 |
| Storage Spaces Controller Elevation of Privilege Vulnerability | No | 7.8 | CVE-2021-41345 |
| Win32k Elevation of Privilege Vulnerability | Yes | 7.8 | CVE-2021-40449 |
| Win32k Elevation of Privilege Vulnerability | No | 7.8 | CVE-2021-40450 |
| Win32k Elevation of Privilege Vulnerability | No | 7.8 | CVE-2021-41357 |
| Windows AppX Deployment Service Elevation of Privilege Vulnerability | No | 7.8 | CVE-2021-41347 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | 7.8 | CVE-2021-40443 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | 7.8 | CVE-2021-40466 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | 7.8 | CVE-2021-40467 |
| Windows Event Tracing Elevation of Privilege Vulnerability | No | 7.8 | CVE-2021-40477 |
| Windows Graphics Component Remote Code Execution Vulnerability | No | 7.8 | CVE-2021-41340 |
| Windows Kernel Elevation of Privilege Vulnerability | No | 7.8 | CVE-2021-41335 |
| Windows Media Audio Decoder Remote Code Execution Vulnerability | No | 7.8 | CVE-2021-41331 |
| Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability | No | 7.8 | CVE-2021-40462 |
| Windows Text Shaping Remote Code Execution Vulnerability | No | 7.8 | CVE-2021-40465 |
| Windows NAT Denial of Service Vulnerability | No | 7.7 | CVE-2021-40463 |
| Microsoft SharePoint Server Spoofing Vulnerability | No | 7.6 | CVE-2021-40484 |
| Microsoft SharePoint Server Spoofing Vulnerability | No | 7.6 | CVE-2021-40483 |
| Microsoft Exchange Server Denial of Service Vulnerability | No | 7.5 | CVE-2021-34453 |
| SCOM Information Disclosure Vulnerability | No | 7.5 | CVE-2021-41352 |
| Windows AppContainer Elevation Of Privilege Vulnerability | No | 7.5 | CVE-2021-40476 |
| Windows TCP/IP Denial of Service Vulnerability | No | 7.5 | CVE-2021-36953 |
| Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | No | 7.4 | CVE-2021-40457 |
| Windows DNS Server Remote Code Execution Vulnerability | No | 7.2 | CVE-2021-40469 |
| Microsoft Office Visio Remote Code Execution Vulnerability | No | 7.1 | CVE-2021-40481 |
| Windows Desktop Bridge Elevation of Privilege Vulnerability | No | 7 | CVE-2021-41334 |
| Windows HTTP.sys Elevation of Privilege Vulnerability | No | 7 | CVE-2021-26442 |
| Windows MSHTML Platform Remote Code Execution Vulnerability | No | 6.8 | CVE-2021-41342 |
| Microsoft Exchange Server Spoofing Vulnerability | No | 6.5 | CVE-2021-41350 |
| Windows Print Spooler Information Disclosure Vulnerability | No | 6.5 | CVE-2021-41332 |
| Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability | No | 6.5 | CVE-2021-40460 |
| .NET Core and Visual Studio Information Disclosure Vulnerability | No | 5.7 | CVE-2021-41355 |
| Microsoft Excel Information Disclosure Vulnerability | No | 5.5 | CVE-2021-40472 |
| Rich Text Edit Control Information Disclosure Vulnerability | No | 5.5 | CVE-2021-40454 |
| Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability | No | 5.5 | CVE-2021-41338 |
| Windows Bind Filter Driver Information Disclosure Vulnerability | No | 5.5 | CVE-2021-40468 |
| Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | No | 5.5 | CVE-2021-40475 |
| Windows Fast FAT File System Driver Information Disclosure Vulnerability | No | 5.5 | CVE-2021-38662 |
| Windows Fast FAT File System Driver Information Disclosure Vulnerability | No | 5.5 | CVE-2021-41343 |
| Windows Installer Spoofing Vulnerability | No | 5.5 | CVE-2021-40455 |
| Windows Kernel Information Disclosure Vulnerability | No | 5.5 | CVE-2021-41336 |
| Windows exFAT File System Information Disclosure Vulnerability | No | 5.5 | CVE-2021-38663 |
| Active Directory Federation Server Spoofing Vulnerability | No | 5.4 | CVE-2021-41361 |
| Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | No | 5.4 | CVE-2021-41353 |
| Console Window Host Security Feature Bypass Vulnerability | No | 5.3 | CVE-2021-41346 |
| Microsoft SharePoint Server Information Disclosure Vulnerability | No | 5.3 | CVE-2021-40482 |
| Windows AD FS Security Feature Bypass Vulnerability | No | 5.3 | CVE-2021-40456 |
| Active Directory Security Feature Bypass Vulnerability | No | 4.9 | CVE-2021-41337 |
| Microsoft DWM Core Library Elevation of Privilege Vulnerability | No | 4.7 | CVE-2021-41339 |
| Intune Management Extension Security Feature Bypass Vulnerability | No | 4.2 | CVE-2021-41363 |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | No | 4.1 | CVE-2021-41354 |
| Chromium: CVE-2021-37974 Use after free in Safe Browsing | - | 0 | CVE-2021-37974 |
| Chromium: CVE-2021-37975 Use after free in V8 | - | 0 | CVE-2021-37975 |
| Chromium: CVE-2021-37976 Information leak in core | - | 0 | CVE-2021-37976 |
| Chromium: CVE-2021-37977 Use after free in Garbage Collection | - | 0 | CVE-2021-37977 |
| Chromium: CVE-2021-37978 Heap buffer overflow in Blink | - | 0 | CVE-2021-37978 |
| Chromium: CVE-2021-37979 Heap buffer overflow in WebRTC | - | 0 | CVE-2021-37979 |
| Chromium: CVE-2021-37980 Inappropriate implementation in Sandbox | - | 0 | CVE-2021-37980 |
| OpenSSL: CVE-2020-1971 EDIPARTYNAME NULL pointer de-reference | No | 0 | CVE-2020-1971 |
| OpenSSL: CVE-2021-3449 NULL pointer deref in signature_algorithms processing | No | 0 | CVE-2021-3449 |
| OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT | No | 0 | CVE-2021-3450 |