Update Reports

OVAL Vulnerability Bulletins




ID:
CVE-2021-45105
Title:
Log4j: multiple vulnerabilities - Windows
Type:
Software
Bulletins:
CVE-2021-45105
CVE-2021-45046
CVE-2021-44228
CVE-2019-17571
Severity:
Critical
Description:
Log4j versions before 2.17.0 are vulnerable to CVE-2021-45105. Log4j versions before 2.16.0 are vulnerable to CVE-2021-45046. Log4j versions before 2.15.0 are vulnerable to CVE-2021-44228. Log4j versions before 1.2.18 are vulnerable to CVE-2019-17571.
Applies to:
Log4j
Created:
2021-12-21
Updated:
2022-05-25

ID:
CVE-2021-45105
Title:
Log4j: multiple vulnerabilities - Linux
Type:
Software
Bulletins:
CVE-2021-45105
CVE-2021-45046
CVE-2021-44228
CVE-2019-17571
Severity:
Critical
Description:
Log4j versions before 2.17.0 are vulnerable to CVE-2021-45105. Log4j versions before 2.16.0 are vulnerable to CVE-2021-45046. Log4j versions before 2.15.0 are vulnerable to CVE-2021-44228. Log4j versions before 1.2.18 are vulnerable to CVE-2019-17571.
Applies to:
Log4j
Created:
2021-12-20
Updated:
2022-05-25

ID:
CISEC:9093
Title:
oval:org.cisecurity:def:9093: Windows Feedback Hub Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9093
CVE-2021-42280
Severity:
Moderate
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9092
Title:
oval:org.cisecurity:def:9092: Windows NTFS Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:9092
CVE-2021-41378
Severity:
Moderate
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9090
Title:
oval:org.cisecurity:def:9090: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:9090
CVE-2021-41371
Severity:
Low
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9089
Title:
oval:org.cisecurity:def:9089: Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9089
CVE-2021-41366
Severity:
Moderate
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9088
Title:
oval:org.cisecurity:def:9088: Remote Desktop Client Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:9088
CVE-2021-38666
Severity:
Moderate
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9087
Title:
oval:org.cisecurity:def:9087: Active Directory Domain Services Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9087
CVE-2021-42287
Severity:
Moderate
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9086
Title:
oval:org.cisecurity:def:9086: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:9086
CVE-2021-42276
Severity:
Moderate
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9084
Title:
oval:org.cisecurity:def:9084: NTFS Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9084
CVE-2021-41367
Severity:
Moderate
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9083
Title:
oval:org.cisecurity:def:9083: Windows Hello Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:9083
CVE-2021-42288
Severity:
Low
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9081
Title:
oval:org.cisecurity:def:9081: Windows Installer Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9081
CVE-2021-41379
Severity:
Moderate
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9080
Title:
oval:org.cisecurity:def:9080: Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9080
CVE-2021-41377
Severity:
Moderate
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9079
Title:
oval:org.cisecurity:def:9079: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:9079
CVE-2021-42284
Severity:
Critical
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9078
Title:
oval:org.cisecurity:def:9078: NTFS Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9078
CVE-2021-42283
Severity:
Moderate
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9077
Title:
oval:org.cisecurity:def:9077: Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:9077
CVE-2021-42274
Severity:
Low
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9076
Title:
oval:org.cisecurity:def:9076: Windows Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:9076
CVE-2021-41356
Severity:
Moderate
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9074
Title:
oval:org.cisecurity:def:9074: Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9074
CVE-2021-42286
Severity:
Moderate
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9072
Title:
oval:org.cisecurity:def:9072: Active Directory Domain Services Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9072
CVE-2021-42282
Severity:
Moderate
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9071
Title:
oval:org.cisecurity:def:9071: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:9071
CVE-2021-38631
Severity:
Low
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9070
Title:
oval:org.cisecurity:def:9070: Active Directory Domain Services Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9070
CVE-2021-42278
Severity:
Moderate
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9069
Title:
oval:org.cisecurity:def:9069: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:9069
CVE-2021-42279
Severity:
Moderate
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9068
Title:
oval:org.cisecurity:def:9068: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9068
CVE-2021-42285
Severity:
Critical
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9067
Title:
oval:org.cisecurity:def:9067: Remote Desktop Protocol Client Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:9067
CVE-2021-38665
Severity:
Moderate
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9066
Title:
oval:org.cisecurity:def:9066: Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:9066
CVE-2021-26443
Severity:
Critical
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9065
Title:
oval:org.cisecurity:def:9065: Active Directory Domain Services Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9065
CVE-2021-42291
Severity:
Moderate
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9063
Title:
oval:org.cisecurity:def:9063: Windows Desktop Bridge Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9063
CVE-2021-36957
Severity:
Moderate
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9062
Title:
oval:org.cisecurity:def:9062: NTFS Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9062
CVE-2021-41370
Severity:
Moderate
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9061
Title:
oval:org.cisecurity:def:9061: Microsoft COM for Windows Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:9061
CVE-2021-42275
Severity:
Moderate
Description:
Applies to:
Created:
2021-12-10
Updated:
2022-05-25

ID:
CISEC:9023
Title:
oval:org.cisecurity:def:9023: Multiple vulnerabilities on Acrobat DC and Acrobat Reader DC version 21.007.20095 (and earlier), Acrobat 2020 and Acrobat Reader 2020 version 20.004.30015 (and earlier), Acrobat 2017 and Acrobat Reader 2017 version...
Type:
Software
Bulletins:
CISEC:9023
Severity:
Low
Description:
Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by a use-after-free that allow a remote attacker to disclose sensitive information on affected installations of of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG2000 images. (CVE-2021-40730) Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by an out-of-bounds write vulnerability when parsing a crafted JPEG2000 file, which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-40731) Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by a use-after-free vulnerability in the processing of the GetURL function on a global object window that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-40728) Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by a out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. (CVE-2021-40729)
Applies to:
Adobe Acrobat 2017
Adobe Acrobat 2020
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader 2020
Adobe Reader DC Continuous
Created:
2021-11-19
Updated:
2021-11-19

ID:
CISEC:9022
Title:
oval:org.cisecurity:def:9022: Multiple vulnerabilities on Acrobat DC and Acrobat Reader DC version 21.005.20060 (and earlier), Acrobat 2020 and Acrobat Reader 2020 version 20.004.30006 (and earlier), Acrobat 2017 and Acrobat Reader 2017 version...
Type:
Software
Bulletins:
CISEC:9022
Severity:
Low
Description:
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm listbox that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. (CVE-2021-40725) Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm field that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. (CVE-2021-40726) Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Type Confusion vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-39841) Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-39863) Adobe Acrobat Reader DC add-on for Internet Explorer versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to check for existence of local files. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page. (CVE-2021-39857) Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page. (CVE-2021-39856) Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page. (CVE-2021-39855) Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-39844, CVE-2021-39861, CVE-2021-39858) Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-39843) Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader. (CVE-2021-39846, CVE-2021-39845) Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user via DLL hijacking. Exploitation of this issue requires user interaction. (CVE-2021-35982) Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Use After Free vulnerability. (CVE-2021-39859) Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForms that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. (CVE-2021-39840) Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-39842) Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm getItem action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-39839) Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetCaption action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-39838) Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm deleteItemAt action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-39837) Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetIcon action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-39836) Acrobat Pro DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive user memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-39860) Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-39852, CVE-2021-39854, CVE-2021-39853, CVE-2021-39850, CVE-2021-39849, CVE-2021-39851)
Applies to:
Adobe Acrobat 2017
Adobe Acrobat 2020
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader 2020
Adobe Reader DC Continuous
Created:
2021-11-19
Updated:
2021-11-19

ID:
CISEC:9021
Title:
oval:org.cisecurity:def:9021: Windows Fast FAT File System Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:9021
CVE-2021-38662
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:9020
Title:
oval:org.cisecurity:def:9020: Storage Spaces Controller Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9020
CVE-2021-40478
Severity:
Critical
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:9019
Title:
oval:org.cisecurity:def:9019: Active Directory Federation Server Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:9019
CVE-2021-41361
Severity:
Low
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:9018
Title:
oval:org.cisecurity:def:9018: Windows TCP/IP Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:9018
CVE-2021-36953
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:9017
Title:
oval:org.cisecurity:def:9017: Windows exFAT File System Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:9017
CVE-2021-38663
Severity:
Low
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:9016
Title:
oval:org.cisecurity:def:9016: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9016
CVE-2021-40443
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:9015
Title:
oval:org.cisecurity:def:9015: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9015
CVE-2021-40466
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:9014
Title:
oval:org.cisecurity:def:9014: Windows Print Spooler Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:9014
CVE-2021-36970
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:9013
Title:
oval:org.cisecurity:def:9013: Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:9013
CVE-2021-41338
Severity:
Low
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:9012
Title:
oval:org.cisecurity:def:9012: Windows NAT Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:9012
CVE-2021-40463
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:9011
Title:
oval:org.cisecurity:def:9011: Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:9011
CVE-2021-40475
Severity:
Low
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:9010
Title:
oval:org.cisecurity:def:9010: Storage Spaces Controller Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9010
CVE-2021-40488
Severity:
Critical
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:9009
Title:
oval:org.cisecurity:def:9009: Active Directory Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:9009
CVE-2021-41337
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:9008
Title:
oval:org.cisecurity:def:9008: Windows Event Tracing Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9008
CVE-2021-40477
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:9007
Title:
oval:org.cisecurity:def:9007: Windows Media Audio Decoder Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:9007
CVE-2021-41331
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:9006
Title:
oval:org.cisecurity:def:9006: Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:9006
CVE-2021-40460
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:9005
Title:
oval:org.cisecurity:def:9005: Microsoft DWM Core Library Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9005
CVE-2021-41339
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:9004
Title:
oval:org.cisecurity:def:9004: Windows Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:9004
CVE-2021-40461
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:9003
Title:
oval:org.cisecurity:def:9003: Storage Spaces Controller Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9003
CVE-2021-41345
Severity:
Critical
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:9002
Title:
oval:org.cisecurity:def:9002: Windows DNS Server Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:9002
CVE-2021-40469
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:9001
Title:
oval:org.cisecurity:def:9001: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9001
CVE-2021-40467
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:9000
Title:
oval:org.cisecurity:def:9000: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:9000
CVE-2021-40450
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8999
Title:
oval:org.cisecurity:def:8999: Windows Bind Filter Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8999
CVE-2021-40468
Severity:
Low
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8998
Title:
oval:org.cisecurity:def:8998: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8998
CVE-2021-41357
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8997
Title:
oval:org.cisecurity:def:8997: Console Window Host Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8997
CVE-2021-41346
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8996
Title:
oval:org.cisecurity:def:8996: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8996
CVE-2021-41335
Severity:
Critical
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8995
Title:
oval:org.cisecurity:def:8995: Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8995
CVE-2021-40462
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8994
Title:
oval:org.cisecurity:def:8994: Windows Print Spooler Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8994
CVE-2021-41332
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8993
Title:
oval:org.cisecurity:def:8993: Windows AppContainer Elevation Of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8993
CVE-2021-40476
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8992
Title:
oval:org.cisecurity:def:8992: Windows MSHTML Platform Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8992
CVE-2021-41342
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8991
Title:
oval:org.cisecurity:def:8991: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8991
CVE-2021-41330
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8990
Title:
oval:org.cisecurity:def:8990: DirectX Graphics Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8990
CVE-2021-40470
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8989
Title:
oval:org.cisecurity:def:8989: Windows Desktop Bridge Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8989
CVE-2021-41334
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8988
Title:
oval:org.cisecurity:def:8988: Windows Text Shaping Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8988
CVE-2021-40465
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8987
Title:
oval:org.cisecurity:def:8987: Storage Spaces Controller Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8987
CVE-2021-40489
Severity:
Critical
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8986
Title:
oval:org.cisecurity:def:8986: Windows Graphics Component Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8986
CVE-2021-41340
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8985
Title:
oval:org.cisecurity:def:8985: Windows HTTP.sys Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8985
CVE-2021-26442
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8984
Title:
oval:org.cisecurity:def:8984: Windows Installer Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:8984
CVE-2021-40455
Severity:
Low
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8983
Title:
oval:org.cisecurity:def:8983: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8983
CVE-2021-40449
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8982
Title:
oval:org.cisecurity:def:8982: Windows AppX Deployment Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8982
CVE-2021-41347
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8981
Title:
oval:org.cisecurity:def:8981: Windows AD FS Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8981
CVE-2021-40456
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8980
Title:
oval:org.cisecurity:def:8980: Windows Fast FAT File System Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8980
CVE-2021-41343
Severity:
Low
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8979
Title:
oval:org.cisecurity:def:8979: Windows Nearby Sharing Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8979
CVE-2021-40464
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8978
Title:
oval:org.cisecurity:def:8978: Storage Spaces Controller Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8978
CVE-2021-26441
Severity:
Moderate
Description:
Applies to:
Created:
2021-11-12
Updated:
2022-05-25

ID:
CISEC:8977
Title:
oval:org.cisecurity:def:8977: Windows Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:8977
CVE-2021-26435
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8976
Title:
oval:org.cisecurity:def:8976: Windows Storage Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8976
CVE-2021-38637
Severity:
Low
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8975
Title:
oval:org.cisecurity:def:8975: Windows WLAN AutoConfig Service Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8975
CVE-2021-36965
Severity:
Critical
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8974
Title:
oval:org.cisecurity:def:8974: Windows Print Spooler Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8974
CVE-2021-38667
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8973
Title:
oval:org.cisecurity:def:8973: Windows SMB Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8973
CVE-2021-36960
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8972
Title:
oval:org.cisecurity:def:8972: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8972
CVE-2021-38638
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8971
Title:
oval:org.cisecurity:def:8971: Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8971
CVE-2021-38636
Severity:
Low
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8970
Title:
oval:org.cisecurity:def:8970: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8970
CVE-2021-38639
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8969
Title:
oval:org.cisecurity:def:8969: Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8969
CVE-2021-38635
Severity:
Low
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8968
Title:
oval:org.cisecurity:def:8968: Windows SMB Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8968
CVE-2021-36972
Severity:
Low
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8967
Title:
oval:org.cisecurity:def:8967: Windows Installer Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8967
CVE-2021-36961
Severity:
Low
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8966
Title:
oval:org.cisecurity:def:8966: Windows Key Storage Provider Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8966
CVE-2021-38624
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8965
Title:
oval:org.cisecurity:def:8965: Windows SMB Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8965
CVE-2021-36974
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8964
Title:
oval:org.cisecurity:def:8964: Windows Print Spooler Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8964
CVE-2021-38671
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8963
Title:
oval:org.cisecurity:def:8963: Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8963
CVE-2021-36969
Severity:
Low
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8962
Title:
oval:org.cisecurity:def:8962: Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8962
CVE-2021-36973
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8961
Title:
oval:org.cisecurity:def:8961: Windows DNS Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8961
CVE-2021-36968
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8960
Title:
oval:org.cisecurity:def:8960: Windows Installer Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8960
CVE-2021-36962
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8959
Title:
oval:org.cisecurity:def:8959: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8959
CVE-2021-38626
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8958
Title:
oval:org.cisecurity:def:8958: Windows Event Tracing Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8958
CVE-2021-38630
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8957
Title:
oval:org.cisecurity:def:8957: Microsoft Windows Update Client Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8957
CVE-2021-38634
Severity:
Critical
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8956
Title:
oval:org.cisecurity:def:8956: Windows Print Spooler Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8956
CVE-2021-36958
Severity:
Critical
Description:
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8955
Title:
oval:org.cisecurity:def:8955: BitLocker Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8955
CVE-2021-38632
Severity:
Low
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8954
Title:
oval:org.cisecurity:def:8954: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8954
CVE-2021-38628
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8953
Title:
oval:org.cisecurity:def:8953: Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8953
CVE-2021-38629
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8952
Title:
oval:org.cisecurity:def:8952: Windows Bind Filter Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8952
CVE-2021-36954
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8951
Title:
oval:org.cisecurity:def:8951: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8951
CVE-2021-38633
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8950
Title:
oval:org.cisecurity:def:8950: Windows Authenticode Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:8950
CVE-2021-36959
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8949
Title:
oval:org.cisecurity:def:8949: Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8949
CVE-2021-36967
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8948
Title:
oval:org.cisecurity:def:8948: Windows Subsystem for Linux Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8948
CVE-2021-36966
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8947
Title:
oval:org.cisecurity:def:8947: Windows Event Tracing Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8947
CVE-2021-36964
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8946
Title:
oval:org.cisecurity:def:8946: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8946
CVE-2021-36975
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8945
Title:
oval:org.cisecurity:def:8945: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8945
CVE-2021-38625
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8944
Title:
oval:org.cisecurity:def:8944: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8944
CVE-2021-36963
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8943
Title:
oval:org.cisecurity:def:8943: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8943
CVE-2021-36955
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8942
Title:
oval:org.cisecurity:def:8942: Windows Print Spooler Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8942
CVE-2021-40447
Severity:
Moderate
Description:
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8941
Title:
oval:org.cisecurity:def:8941: Microsoft MSHTML Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8941
CVE-2021-40444
Severity:
Moderate
Description:
Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents. An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: “Suspicious Cpl File Execution”. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs. Please see the Mitigations and Workaround sections for important information about steps you can take to protect your system from this vulnerability. UPDATE September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.
Applies to:
Created:
2021-10-22
Updated:
2022-05-25

ID:
CISEC:8940
Title:
oval:org.cisecurity:def:8940: Creative Cloud Desktop Application
Type:
Software
Bulletins:
CISEC:8940
Severity:
Low
Description:
Creative Cloud Desktop Application (installer) versions 4.7.0.400 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation. (CVE-2019-7093)
Applies to:
Adobe Creative Cloud
Created:
2021-10-08
Updated:
2021-10-08

ID:
CISEC:8939
Title:
oval:org.cisecurity:def:8939: Multiple vulnerabilities on Adobe Digital Editions versions 4.5.10 and below
Type:
Software
Bulletins:
CISEC:8939
Severity:
Low
Description:
Adobe Digital Editions versions 4.5.10 and below have a buffer errors vulnerability. Successful exploitation could lead to information disclosure. (CVE-2020-3759) Adobe Digital Editions versions 4.5.10 and below have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2020-3760)
Applies to:
Adobe Digital Editions
Created:
2021-10-08
Updated:
2021-10-08

ID:
CISEC:8938
Title:
oval:org.cisecurity:def:8938: Multiple vulnerabilities on Adobe Media Encoder versions 13.1 and earlier
Type:
Software
Bulletins:
CISEC:8938
Severity:
Low
Description:
Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. (CVE-2019-8241, CVE-2019-8242, CVE-2019-8243, CVE-2019-8244) Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2019-8246)
Applies to:
Adobe Media Encoder
Created:
2021-10-08
Updated:
2021-10-08

ID:
CISEC:8937
Title:
oval:org.cisecurity:def:8937: Multiple vulnerabilities on Creative Cloud Desktop Application versions 4.6.1 and earlier
Type:
Software
Bulletins:
CISEC:8937
Severity:
Low
Description:
Creative Cloud Desktop Application 4.6.1 and earlier versions have an insecure transmission of sensitive data vulnerability. Successful exploitation could lead to information leakage. (CVE-2019-8063) Creative Cloud Desktop Application versions 4.6.1 and earlier have a security bypass vulnerability. Successful exploitation could lead to denial of service. (CVE-2019-7957) Creative Cloud Desktop Application versions 4.6.1 and earlier have an insecure inherited permissions vulnerability. Successful exploitation could lead to privilege escalation. (CVE-2019-7958) Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2019-7959) Creative Cloud Desktop Application version 4.6.1 and earlier versions have Security Bypass vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user. (CVE-2019-8236)
Applies to:
Adobe Creative Cloud
Created:
2021-10-08
Updated:
2021-10-08

ID:
CISEC:8935
Title:
oval:org.cisecurity:def:8935: Multiple vulnerabilities on Creative Cloud Desktop Application versions 5.1 and earlier
Type:
Software
Bulletins:
CISEC:8935
Severity:
Low
Description:
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a lack of exploit mitigations vulnerability. Successful exploitation could lead to privilege escalation. (CVE-2020-9669) Adobe Creative Cloud Desktop Application versions 5.1 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation. (CVE-2020-9671) Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to privilege escalation. (CVE-2020-9670) Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to arbitrary file system write. (CVE-2020-9682)
Applies to:
Adobe Creative Cloud
Created:
2021-09-24
Updated:
2021-09-24

ID:
CISEC:8934
Title:
oval:org.cisecurity:def:8934: Multiple vulnerabilities on Adobe Media Encoder versions 14.2 and earlier
Type:
Software
Bulletins:
CISEC:8934
Severity:
Low
Description:
Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. (CVE-2020-9649) Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2020-9650, CVE-2020-9646)
Applies to:
Adobe Media Encoder
Created:
2021-09-24
Updated:
2021-09-24

ID:
CISEC:8933
Title:
oval:org.cisecurity:def:8933: Adobe Digital Editions versions 4.5.11.187212 and below have a file enumeration
Type:
Software
Bulletins:
CISEC:8933
Severity:
Low
Description:
Adobe Digital Editions versions 4.5.11.187212 and below have a file enumeration (host or local network) vulnerability. Successful exploitation could lead to information disclosure. (CVE-2020-3798)
Applies to:
Adobe Digital Editions
Created:
2021-09-24
Updated:
2021-09-24

ID:
CISEC:8931
Title:
oval:org.cisecurity:def:8931: Multiple vulnerabilities on Acrobat DC and Acrobat Reader DC version 2020.009.20074?and?earlier?versions, Acrobat 2020 and Acrobat Reader 2020 version 2020.001.30002, Acrobat 2017 and Acrobat Reader 2017 version...
Type:
Software
Bulletins:
CISEC:8931
Severity:
Low
Description:
Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation. (CVE-2020-9714) Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a memory corruption vulnerability. Successful exploitation could lead to information disclosure. (CVE-2020-9711) Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a disclosure of sensitive data vulnerability. Successful exploitation could lead to memory leak. (CVE-2020-9697) Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2020-9693, CVE-2020-9694) Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass. (CVE-2020-9696, CVE-2020-9712) Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service. (CVE-2020-9702, CVE-2020-9703) Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. (CVE-2020-9723, CVE-2020-9705, CVE-2020-9706, CVE-2020-9707, CVE-2020-9710, CVE-2020-9716, CVE-2020-9717, CVE-2020-9718, CVE-2020-9719, CVE-2020-9720, CVE-2020-9721) Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2020-9698, CVE-2020-9699, CVE-2020-9700, CVE-2020-9701, CVE-2020-9704) Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2020-9715, CVE-2020-9722) Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2020-9713, CVE-2020-9695)
Applies to:
Adobe Acrobat 2017
Adobe Acrobat 2020
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader 2020
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2021-09-17
Updated:
2021-09-17

ID:
CISEC:8929
Title:
oval:org.cisecurity:def:8929: Multiple vulnerabilities on Creative Cloud Desktop Application version 5.3
Type:
Software
Bulletins:
CISEC:8929
Severity:
Low
Description:
Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this issue requires physical access and user interaction. (CVE-2021-21068) Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction. (CVE-2021-21078) Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a local privilege escalation vulnerability that could allow an attacker to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction. (CVE-2021-21069, CVE-2021-28547)
Applies to:
Adobe Creative Cloud
Created:
2021-09-17
Updated:
2021-09-17

ID:
CISEC:8927
Title:
oval:org.cisecurity:def:8927: Adobe Illustrator version 25.0
Type:
Software
Bulletins:
CISEC:8927
Severity:
Low
Description:
Adobe Illustrator version 25.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21007)
Applies to:
Adobe Illustrator
Created:
2021-09-17
Updated:
2021-09-17

ID:
CISEC:8925
Title:
oval:org.cisecurity:def:8925: Adobe Prelude version 9.0.1
Type:
Software
Bulletins:
CISEC:8925
Severity:
Low
Description:
Adobe Prelude version 9.0.1 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24440)
Applies to:
Adobe Prelude
Created:
2021-09-17
Updated:
2021-09-17

ID:
CISEC:8924
Title:
oval:org.cisecurity:def:8924: Adobe Lightroom Classic version 10.0
Type:
Software
Bulletins:
CISEC:8924
Severity:
Low
Description:
Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2020-24447)
Applies to:
Adobe Lightroom Classic
Created:
2021-09-17
Updated:
2021-09-17

ID:
CISEC:8922
Title:
oval:org.cisecurity:def:8922: InCopy version 15.1.1
Type:
Software
Bulletins:
CISEC:8922
Severity:
Low
Description:
InCopy version 15.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21010)
Applies to:
Adobe InCopy
Created:
2021-09-17
Updated:
2021-09-17

ID:
CISEC:8921
Title:
oval:org.cisecurity:def:8921: Windows Event Tracing Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8921
CVE-2021-26425
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8920
Title:
oval:org.cisecurity:def:8920: Windows Graphics Component Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8920
CVE-2021-34530
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8919
Title:
oval:org.cisecurity:def:8919: Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8919
CVE-2021-36927
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8918
Title:
oval:org.cisecurity:def:8918: Windows Bluetooth Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8918
CVE-2021-34537
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8917
Title:
oval:org.cisecurity:def:8917: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8917
CVE-2021-36934
Severity:
Moderate
Description:
An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have the ability to execute code on a victim system to exploit this vulnerability. After installing this security update, you must manually delete all shadow copies of system files, including the SAM database, to fully mitigate this vulnerabilty. Simply installing this security update will not fully mitigate this vulnerability. See KB5005357- Delete Volume Shadow Copies.
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8916
Title:
oval:org.cisecurity:def:8916: Windows Print Spooler Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8916
CVE-2021-34483
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8915
Title:
oval:org.cisecurity:def:8915: Windows User Account Profile Picture Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8915
CVE-2021-26426
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8914
Title:
oval:org.cisecurity:def:8914: Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8914
CVE-2021-36932
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8913
Title:
oval:org.cisecurity:def:8913: Windows Print Spooler Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8913
CVE-2021-36947
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8912
Title:
oval:org.cisecurity:def:8912: Windows MSHTML Platform Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8912
CVE-2021-34534
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8911
Title:
oval:org.cisecurity:def:8911: Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8911
CVE-2021-36933
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8910
Title:
oval:org.cisecurity:def:8910: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:8910
CVE-2021-34480
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8909
Title:
oval:org.cisecurity:def:8909: Windows TCP/IP Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8909
CVE-2021-26424
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8908
Title:
oval:org.cisecurity:def:8908: Windows Recovery Environment Agent Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8908
CVE-2021-26431
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8907
Title:
oval:org.cisecurity:def:8907: Windows Graphics Component Font Parsing Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8907
CVE-2021-34533
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8906
Title:
oval:org.cisecurity:def:8906: Windows LSA Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:8906
CVE-2021-36942
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8905
Title:
oval:org.cisecurity:def:8905: Windows Event Tracing Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8905
CVE-2021-34487
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8904
Title:
oval:org.cisecurity:def:8904: Storage Spaces Controller Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8904
CVE-2021-34536
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8903
Title:
oval:org.cisecurity:def:8903: Windows User Profile Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8903
CVE-2021-34484
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8902
Title:
oval:org.cisecurity:def:8902: Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8902
CVE-2021-36926
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8901
Title:
oval:org.cisecurity:def:8901: Remote Desktop Client Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8901
CVE-2021-34535
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8900
Title:
oval:org.cisecurity:def:8900: Windows Print Spooler Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8900
CVE-2021-36936
Severity:
Critical
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8899
Title:
oval:org.cisecurity:def:8899: Windows Update Medic Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8899
CVE-2021-36948
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8898
Title:
oval:org.cisecurity:def:8898: Windows Print Spooler Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8898
CVE-2021-34481
Severity:
Moderate
Description:
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. UPDATE August 10, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. This security update changes the Point and Print default behavior; please see KB5005652.
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8897
Title:
oval:org.cisecurity:def:8897: Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8897
CVE-2021-36937
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8896
Title:
oval:org.cisecurity:def:8896: Windows Cryptographic Primitives Library Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8896
CVE-2021-36938
Severity:
Low
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8895
Title:
oval:org.cisecurity:def:8895: Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8895
CVE-2021-26433
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8894
Title:
oval:org.cisecurity:def:8894: Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8894
CVE-2021-26432
Severity:
Critical
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8893
Title:
oval:org.cisecurity:def:8893: Windows Event Tracing Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8893
CVE-2021-34486
Severity:
Moderate
Description:
Applies to:
Created:
2021-09-10
Updated:
2022-05-25

ID:
CISEC:8892
Title:
oval:org.cisecurity:def:8892: Multiple vulnerabilities on Acrobat DC and Acrobat Reader DC version 2021.001.20155?and?earlier?versions, Acrobat 2020 and Acrobat Reader 2020 version 2020.001.30025 and earlier versions, Acrobat 2017 and Acrobat Reader...
Type:
Software
Bulletins:
CISEC:8892
Severity:
Low
Description:
Adobe Acrobat and Adobe Reader is affected by an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2021-28554, CVE-2021-28551) Adobe Acrobat and Adobe Reader is affected by an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2021-28552, CVE-2021-28631, CVE-2021-28632)
Applies to:
Adobe Acrobat 2017
Adobe Acrobat 2020
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader 2020
Adobe Reader DC Continuous
Created:
2021-08-27
Updated:
2021-08-28

ID:
CISEC:8891
Title:
oval:org.cisecurity:def:8891: Multiple vulnerabilities on Acrobat DC and Acrobat Reader DC version 2021.005.20054?and?earlier?versions, Acrobat 2020 and Acrobat Reader 2020 version 2020.004.30005 and earlier versions, Acrobat 2017 and Acrobat Reader...
Type:
Software
Bulletins:
CISEC:8891
Severity:
Low
Description:
Adobe Acrobat and Acrobat Reader is affected by an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2021-28640, CVE-2021-28641, CVE-2021-28639, CVE-2021-35983, CVE-2021-35981, CVE-2021-28635) Adobe Acrobat and Acrobat Reader is affected by a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2021-28643) Adobe Acrobat and Acrobat Reader is affected by an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary file system write. (CVE-2021-28642) Adobe Acrobat and Acrobat Reader is affected by an out-of-bounds read vulnerability. Successful exploitation could lead to memory leak. (CVE-2021-28637) Adobe Acrobat and Acrobat Reader is affected by a type confusion vulnerability. Successful exploitation could lead to arbitrary file system read, (CVE-2021-35986) Adobe Acrobat and Acrobat Reader is affected by a heap-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2021-28638) Adobe Acrobat and Acrobat Reader is affected by an uncontrolled search path element vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2021-28636) Adobe Acrobat and Acrobat Reader is affected by an OS command injection vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2021-28634) Adobe Acrobat and Acrobat Reader is affected by an out-of-bounds read vulnerability. Successful exploitation could lead to privilege escalation. (CVE-2021-35988, CVE-2021-35987) Adobe Acrobat and Acrobat Reader is affected by a path traversal vulnerability. Successful exploitation could lead to arbitrary file system read. (CVE-2021-35980, CVE-2021-28644) Adobe Acrobat and Acrobat Reader is affected by a NULL pointer dereference vulnerability. Successful exploitation could lead to application denial-of-service. (CVE-2021-35985, CVE-2021-35984)
Applies to:
Adobe Acrobat 2017
Adobe Acrobat 2020
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader 2020
Adobe Reader DC Continuous
Created:
2021-08-27
Updated:
2021-08-28

ID:
CISEC:8890
Title:
oval:org.cisecurity:def:8890: Multiple vulnerabilities on Adobe Bridge version 11.0.2 and earlier versions
Type:
Software
Bulletins:
CISEC:8890
Severity:
Low
Description:
Adobe Bridge is affected by a heap-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2021-28624) Adobe Bridge is affected by an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary file system read. (CVE-2021-35992) Adobe Bridge is affected by an improper input validation vulnerability. Successful exploitation could lead to arbitrary code execution.?(CVE-2021-35991) Adobe Bridge is affected by an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2021-35989, CVE-2021-35990)
Applies to:
Adobe Bridge
Created:
2021-08-27
Updated:
2021-08-28

ID:
CISEC:8889
Title:
oval:org.cisecurity:def:8889: Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file (CVE-2021-28548, CVE-2021-28549).
Type:
Software
Bulletins:
CISEC:8889
Severity:
Low
Description:
Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-28548, CVE-2021-28549)
Applies to:
Adobe Photoshop
Created:
2021-08-27
Updated:
2021-08-28

ID:
CISEC:8888
Title:
oval:org.cisecurity:def:8888: Multiple vulnerabilities on Adobe Animate version 21.0.6 and?earlier versions
Type:
Software
Bulletins:
CISEC:8888
Severity:
Low
Description:
Adobe Illustrator is affected by an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary file system read. (CVE-2021-28630) Adobe Illustrator is affected by an out-of-bounds read vulnerability. Successful exploitation could lead to memory leak. (CVE-2021-28619) Adobe Illustrator is affected by an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. (CVE-2021-28617, CVE-2021-28618) Adobe Illustrator is affected by an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2021-28621) Adobe Illustrator is affected by a heap-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2021-28620, CVE-2021-28629) Adobe Illustrator is affected by an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2021-28622)
Applies to:
Adobe Animate
Created:
2021-08-27
Updated:
2021-08-28

ID:
CISEC:8887
Title:
oval:org.cisecurity:def:8887: Adobe Robohelp version 2020.0.3
Type:
Software
Bulletins:
CISEC:8887
Severity:
Low
Description:
Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with admin permissions to write to the file system could leverage this vulnerability to escalate privileges. (CVE-2021-21070)
Applies to:
Adobe RoboHelp
Created:
2021-08-27
Updated:
2021-08-28

ID:
CISEC:8885
Title:
oval:org.cisecurity:def:8885: Multiple vulnerabilities on Illustrator 2021 version 25.2.3 and?earlier?versions
Type:
Software
Bulletins:
CISEC:8885
Severity:
Low
Description:
Adobe Illustrator is affected by an use after free vulnerability. Successful exploitation could lead to arbitrary file system read. (CVE-2021-28593, CVE-2021-36008) Adobe Illustrator is affected by an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2021-28591, CVE-2021-28592) Adobe Illustrator is affected by an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary file system read. (CVE-2021-36010) Adobe Illustrator is affected by an access of memory location after end of buffer vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2021-36009)
Applies to:
Adobe Illustrator
Created:
2021-08-27
Updated:
2021-08-28

ID:
CISEC:8870
Title:
oval:org.cisecurity:def:8870: Windows Kernel Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8870
CVE-2021-34508
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8869
Title:
oval:org.cisecurity:def:8869: Bowser.sys Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8869
CVE-2021-34476
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8868
Title:
oval:org.cisecurity:def:8868: Windows MSHTML Platform Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8868
CVE-2021-34447
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8867
Title:
oval:org.cisecurity:def:8867: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8867
CVE-2021-34503
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8866
Title:
oval:org.cisecurity:def:8866: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8866
CVE-2021-34456
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8865
Title:
oval:org.cisecurity:def:8865: Windows Event Tracing Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8865
CVE-2021-33774
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8864
Title:
oval:org.cisecurity:def:8864: Windows DNS Server Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8864
CVE-2021-33754
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8863
Title:
oval:org.cisecurity:def:8863: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8863
CVE-2021-34496
Severity:
Low
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8862
Title:
oval:org.cisecurity:def:8862: Windows GDI Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8862
CVE-2021-34498
Severity:
Critical
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8861
Title:
oval:org.cisecurity:def:8861: Windows Certificate Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:8861
CVE-2021-34492
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8860
Title:
oval:org.cisecurity:def:8860: Windows Print Spooler Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8860
CVE-2021-34527
Severity:
Critical
Description:
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. UPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. In addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (Note: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ): HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting) UpdatePromptSettings = 0 (DWORD) or not defined (default setting) Having NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design. UPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates. Note that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527.
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8859
Title:
oval:org.cisecurity:def:8859: Windows Hello Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8859
CVE-2021-34466
Severity:
Low
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8858
Title:
oval:org.cisecurity:def:8858: Windows Remote Access Connection Manager Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8858
CVE-2021-34457
Severity:
Low
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8857
Title:
oval:org.cisecurity:def:8857: Windows DNS Server Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8857
CVE-2021-33745
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8856
Title:
oval:org.cisecurity:def:8856: Windows DNS Server Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8856
CVE-2021-33746
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8855
Title:
oval:org.cisecurity:def:8855: Storage Spaces Controller Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8855
CVE-2021-34509
Severity:
Low
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8854
Title:
oval:org.cisecurity:def:8854: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8854
CVE-2021-33784
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8853
Title:
oval:org.cisecurity:def:8853: Windows Kernel Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8853
CVE-2021-34458
Severity:
Critical
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8852
Title:
oval:org.cisecurity:def:8852: Windows Address Book Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8852
CVE-2021-34504
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8851
Title:
oval:org.cisecurity:def:8851: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8851
CVE-2021-34449
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8850
Title:
oval:org.cisecurity:def:8850: Windows DNS Server Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8850
CVE-2021-33780
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8849
Title:
oval:org.cisecurity:def:8849: GDI+ Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8849
CVE-2021-34440
Severity:
Low
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8848
Title:
oval:org.cisecurity:def:8848: Windows Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8848
CVE-2021-34450
Severity:
Critical
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8847
Title:
oval:org.cisecurity:def:8847: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8847
CVE-2021-34441
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8846
Title:
oval:org.cisecurity:def:8846: Windows InstallService Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8846
CVE-2021-31961
Severity:
Low
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8845
Title:
oval:org.cisecurity:def:8845: Active Directory Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8845
CVE-2021-33781
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8844
Title:
oval:org.cisecurity:def:8844: Windows Projected File System Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8844
CVE-2021-33743
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8843
Title:
oval:org.cisecurity:def:8843: Windows AF_UNIX Socket Provider Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8843
CVE-2021-33785
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8842
Title:
oval:org.cisecurity:def:8842: Windows DNS Snap-in Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8842
CVE-2021-33750
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8841
Title:
oval:org.cisecurity:def:8841: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8841
CVE-2021-34516
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8840
Title:
oval:org.cisecurity:def:8840: Windows Remote Access Connection Manager Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8840
CVE-2021-33763
Severity:
Low
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8839
Title:
oval:org.cisecurity:def:8839: Windows Remote Access Connection Manager Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8839
CVE-2021-34454
Severity:
Low
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8838
Title:
oval:org.cisecurity:def:8838: Windows LSA Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8838
CVE-2021-33788
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8837
Title:
oval:org.cisecurity:def:8837: Windows TCP/IP Driver Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8837
CVE-2021-34490
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8836
Title:
oval:org.cisecurity:def:8836: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8836
CVE-2021-34445
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8835
Title:
oval:org.cisecurity:def:8835: Win32k Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8835
CVE-2021-34491
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8834
Title:
oval:org.cisecurity:def:8834: Windows Installer Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:8834
CVE-2021-33765
Severity:
Low
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8833
Title:
oval:org.cisecurity:def:8833: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8833
CVE-2021-33771
Severity:
Critical
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8832
Title:
oval:org.cisecurity:def:8832: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8832
CVE-2021-33755
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8831
Title:
oval:org.cisecurity:def:8831: Windows HTML Platforms Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8831
CVE-2021-34446
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8830
Title:
oval:org.cisecurity:def:8830: Storage Spaces Controller Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8830
CVE-2021-34510
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8829
Title:
oval:org.cisecurity:def:8829: Windows LSA Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8829
CVE-2021-33786
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8828
Title:
oval:org.cisecurity:def:8828: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8828
CVE-2021-31979
Severity:
Critical
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8827
Title:
oval:org.cisecurity:def:8827: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8827
CVE-2021-33761
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8826
Title:
oval:org.cisecurity:def:8826: Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8826
CVE-2021-33757
Severity:
Critical
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8825
Title:
oval:org.cisecurity:def:8825: Windows Kernel Memory Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8825
CVE-2021-34500
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8824
Title:
oval:org.cisecurity:def:8824: Windows Remote Assistance Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8824
CVE-2021-34507
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8823
Title:
oval:org.cisecurity:def:8823: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8823
CVE-2021-33773
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8822
Title:
oval:org.cisecurity:def:8822: Windows DNS Snap-in Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8822
CVE-2021-33752
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8821
Title:
oval:org.cisecurity:def:8821: Windows AppContainer Elevation Of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8821
CVE-2021-34459
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8820
Title:
oval:org.cisecurity:def:8820: Windows DNS Server Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8820
CVE-2021-34525
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8819
Title:
oval:org.cisecurity:def:8819: Windows DNS Server Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8819
CVE-2021-34444
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8818
Title:
oval:org.cisecurity:def:8818: Media Foundation Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8818
CVE-2021-33760
Severity:
Low
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8817
Title:
oval:org.cisecurity:def:8817: Windows TCP/IP Driver Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8817
CVE-2021-31183
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8816
Title:
oval:org.cisecurity:def:8816: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8816
CVE-2021-34514
Severity:
Critical
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8815
Title:
oval:org.cisecurity:def:8815: Windows TCP/IP Driver Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8815
CVE-2021-33772
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8814
Title:
oval:org.cisecurity:def:8814: Storage Spaces Controller Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8814
CVE-2021-34512
Severity:
Critical
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8813
Title:
oval:org.cisecurity:def:8813: Windows Media Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8813
CVE-2021-33740
Severity:
Critical
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8812
Title:
oval:org.cisecurity:def:8812: Windows File History Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8812
CVE-2021-34455
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8811
Title:
oval:org.cisecurity:def:8811: Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8811
CVE-2021-34462
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8810
Title:
oval:org.cisecurity:def:8810: Windows Console Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8810
CVE-2021-34488
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8809
Title:
oval:org.cisecurity:def:8809: Storage Spaces Controller Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8809
CVE-2021-34513
Severity:
Critical
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8808
Title:
oval:org.cisecurity:def:8808: Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8808
CVE-2021-34461
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8807
Title:
oval:org.cisecurity:def:8807: Windows DNS Snap-in Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8807
CVE-2021-33756
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8806
Title:
oval:org.cisecurity:def:8806: Windows Secure Kernel Mode Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8806
CVE-2021-33744
Severity:
Critical
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8805
Title:
oval:org.cisecurity:def:8805: Windows Installer Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8805
CVE-2021-34511
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8804
Title:
oval:org.cisecurity:def:8804: DirectWrite Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8804
CVE-2021-34489
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8803
Title:
oval:org.cisecurity:def:8803: Windows Desktop Bridge Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8803
CVE-2021-33759
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8802
Title:
oval:org.cisecurity:def:8802: Raw Image Extension Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8802
CVE-2021-34521
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8801
Title:
oval:org.cisecurity:def:8801: Windows Authenticode Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:8801
CVE-2021-33782
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8800
Title:
oval:org.cisecurity:def:8800: Windows DNS Server Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8800
CVE-2021-34442
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8799
Title:
oval:org.cisecurity:def:8799: Windows DNS Server Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8799
CVE-2021-34499
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8798
Title:
oval:org.cisecurity:def:8798: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8798
CVE-2021-33758
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8797
Title:
oval:org.cisecurity:def:8797: Windows Key Distribution Center Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8797
CVE-2021-33764
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8796
Title:
oval:org.cisecurity:def:8796: Windows Partition Management Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8796
CVE-2021-34493
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8795
Title:
oval:org.cisecurity:def:8795: Storage Spaces Controller Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8795
CVE-2021-33751
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8794
Title:
oval:org.cisecurity:def:8794: Windows DNS Server Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8794
CVE-2021-34494
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8793
Title:
oval:org.cisecurity:def:8793: Windows Font Driver Host Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8793
CVE-2021-34438
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8792
Title:
oval:org.cisecurity:def:8792: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:8792
CVE-2021-34448
Severity:
Critical
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8791
Title:
oval:org.cisecurity:def:8791: Windows SMB Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8791
CVE-2021-33783
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8790
Title:
oval:org.cisecurity:def:8790: Storage Spaces Controller Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8790
CVE-2021-34460
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8789
Title:
oval:org.cisecurity:def:8789: Windows MSHTML Platform Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8789
CVE-2021-34497
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8788
Title:
oval:org.cisecurity:def:8788: Windows ADFS Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8788
CVE-2021-33779
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8787
Title:
oval:org.cisecurity:def:8787: Windows DNS Snap-in Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8787
CVE-2021-33749
Severity:
Moderate
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8786
Title:
oval:org.cisecurity:def:8786: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8786
CVE-2021-34439
Severity:
Critical
Description:
Applies to:
Created:
2021-08-13
Updated:
2022-05-25

ID:
CISEC:8779
Title:
oval:org.cisecurity:def:8779: Out-of-Bounds Read vulnerability on Adobe Media Encoder 15.1 and earlier versions
Type:
Software
Bulletins:
CISEC:8779
Severity:
Low
Description:
Adobe Media Encoder is affected by an out-of-bounds read vulnerability. Successful exploitation could lead to privilege escalation. (CVE-2021-28569)
Applies to:
Adobe Media Encoder
Created:
2021-07-23
Updated:
2021-07-23

ID:
CISEC:8778
Title:
oval:org.cisecurity:def:8778: Multiple vulnerabilities on Adobe InDesign 16.0 and earlier versions
Type:
Software
Bulletins:
CISEC:8778
Severity:
Low
Description:
Out-of-bounds write that could lead to arbitrary code execution. (CVE-2021-21098, CVE-2021-21099) ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. Exploitation of this issue requires user interaction in order to be successful. (CVE-2021-21043)
Applies to:
Adobe InDesign
Created:
2021-07-23
Updated:
2021-07-23

ID:
CISEC:8777
Title:
oval:org.cisecurity:def:8777: Multiple vulnerabilities on Acrobat DC Continuous and Acrobat Reader DC Continuous versions 2021.001.20150 and earlier, Acrobat 2020 and Acrobat Reader 2020 versions 2020.001.30020 and earlier versions, Acrobat 2017 and...
Type:
Software
Bulletins:
CISEC:8777
Severity:
Low
Description:
Buffer overflow that could lead to arbitrary code execution. (CVE-2021-28561) Heap-based buffer overflow that could lead to arbitrary code execution. (CVE-2021-28560, CVE-2021-28558) Out-of-bounds read that could lead to memory leak. (CVE-2021-28557) Out-of-bounds read that could lead to arbitrary file system read. (CVE-2021-28555) Out-of-bounds read that could lead to arbitrary code execution. (CVE-2021-28564) Out-of-bounds write that could lead to arbitrary code execution. (CVE-2021-28565) Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21044, CVE-2021-21038) Out-of-bounds write that could lead to arbitrary code execution. (CVE-2021-21086) Exposure of private information that could lead to privilege escalation. (CVE-2021-28559) Use after tree that could lead to arbitrary code execution. (CVE-2021-28562, CVE-2021-28550, CVE-2021-28553)
Applies to:
Adobe Acrobat 2017
Adobe Acrobat 2020
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader 2020
Adobe Reader DC Continuous
Created:
2021-07-23
Updated:
2021-07-23

ID:
CISEC:8774
Title:
oval:org.cisecurity:def:8774: Multiple vulnerabilities on Adobe Animate 21.0.5 and earlier versions
Type:
Software
Bulletins:
CISEC:8774
Severity:
Low
Description:
Adobe Animate is affected by an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. (CVE-2021-28572, CVE-2021-28573, CVE-2021-28574, CVE-2021-28575, CVE-2021-28576) Adobe Animate is affected by use after free vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2021-28578) Adobe Animate is affected by use out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2021-28577)
Applies to:
Adobe Animate
Created:
2021-07-23
Updated:
2021-07-23

ID:
CISEC:8773
Title:
oval:org.cisecurity:def:8773: Multiple vulnerabilities on Illustrator 2021 version 25.2 and earlier versions
Type:
Software
Bulletins:
CISEC:8773
Severity:
Low
Description:
Out-of-bounds write vulnerability that could lead to arbitrary code execution. (CVE-2021-21101) Memory corruption vulnerability that could lead to arbitrary code execution. (CVE-2021-21103, CVE-2021-21104, CVE-2021-21105) Path traversal vulnerability that could lead to arbitrary code execution. (CVE-2021-21102)
Applies to:
Adobe Illustrator
Created:
2021-07-23
Updated:
2021-08-17

ID:
CISEC:8771
Title:
oval:org.cisecurity:def:8771: Windows NTLM Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8771
CVE-2021-31958
Severity:
Moderate
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8770
Title:
oval:org.cisecurity:def:8770: Event Tracing for Windows Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8770
CVE-2021-31972
Severity:
Low
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8769
Title:
oval:org.cisecurity:def:8769: Windows NTFS Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8769
CVE-2021-31956
Severity:
Critical
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8768
Title:
oval:org.cisecurity:def:8768: Server for NFS Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8768
CVE-2021-31976
Severity:
Critical
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8767
Title:
oval:org.cisecurity:def:8767: Kerberos AppContainer Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8767
CVE-2021-31962
Severity:
Critical
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8766
Title:
oval:org.cisecurity:def:8766: Windows DCOM Server Security Feature Bypass
Type:
Software
Bulletins:
CISEC:8766
CVE-2021-26414
Severity:
Moderate
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8765
Title:
oval:org.cisecurity:def:8765: Microsoft DWM Core Library Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8765
CVE-2021-33739
Severity:
Moderate
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8764
Title:
oval:org.cisecurity:def:8764: Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8764
CVE-2021-31199
Severity:
Moderate
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8763
Title:
oval:org.cisecurity:def:8763: Windows GPSVC Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8763
CVE-2021-31973
Severity:
Moderate
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8762
Title:
oval:org.cisecurity:def:8762: Windows Remote Desktop Services Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8762
CVE-2021-31968
Severity:
Moderate
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8761
Title:
oval:org.cisecurity:def:8761: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8761
CVE-2021-31969
Severity:
Moderate
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8760
Title:
oval:org.cisecurity:def:8760: Windows Print Spooler Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8760
CVE-2021-1675
Severity:
Critical
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8758
Title:
oval:org.cisecurity:def:8758: Server for NFS Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8758
CVE-2021-31974
Severity:
Moderate
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8757
Title:
oval:org.cisecurity:def:8757: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8757
CVE-2021-31951
Severity:
Critical
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8756
Title:
oval:org.cisecurity:def:8756: Windows HTML Platform Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8756
CVE-2021-31971
Severity:
Moderate
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8755
Title:
oval:org.cisecurity:def:8755: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8755
CVE-2021-31977
Severity:
Moderate
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8754
Title:
oval:org.cisecurity:def:8754: Windows TCP/IP Driver Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8754
CVE-2021-31970
Severity:
Low
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8753
Title:
oval:org.cisecurity:def:8753: Server for NFS Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8753
CVE-2021-31975
Severity:
Critical
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8752
Title:
oval:org.cisecurity:def:8752: Windows Filter Manager Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8752
CVE-2021-31953
Severity:
Moderate
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8751
Title:
oval:org.cisecurity:def:8751: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8751
CVE-2021-31952
Severity:
Critical
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8750
Title:
oval:org.cisecurity:def:8750: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8750
CVE-2021-31955
Severity:
Low
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8749
Title:
oval:org.cisecurity:def:8749: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:8749
CVE-2021-31959
Severity:
Moderate
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8748
Title:
oval:org.cisecurity:def:8748: Windows Bind Filter Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8748
CVE-2021-31960
Severity:
Low
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8747
Title:
oval:org.cisecurity:def:8747: Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8747
CVE-2021-31201
Severity:
Moderate
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8746
Title:
oval:org.cisecurity:def:8746: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8746
CVE-2021-31954
Severity:
Critical
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8745
Title:
oval:org.cisecurity:def:8745: Windows MSHTML Platform Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8745
CVE-2021-33742
Severity:
Moderate
Description:
Applies to:
Created:
2021-07-09
Updated:
2022-05-25

ID:
CISEC:8741
Title:
oval:org.cisecurity:def:8741: Multiple vulnerabilities in Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier
Type:
Software
Bulletins:
CISEC:8741
Severity:
Low
Description:
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution (CVE-2020-9612) Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a race condition vulnerability. Successful exploitation could lead to security feature bypass. (CVE-2020-9615) Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service. (CVE-2020-9611) Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a null pointer vulnerability. Successful exploitation could lead to application denial-of-service. (CVE-2020-9610) Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2020-9597, CVE-2020-9594) Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass. (CVE-2020-9614, CVE-2020-9613, CVE-2020-9596, CVE-2020-9592) Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. (CVE-2020-9609, CVE-2020-9608, CVE-2020-9603, CVE-2020-9602, CVE-2020-9601, CVE-2020-9600, CVE-2020-9599) Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2020-9605, CVE-2020-9604) Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2020-9607, CVE-2020-9606) Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an invalid memory access vulnerability. Successful exploitation could lead to information disclosure. (CVE-2020-9598, CVE-2020-9595, CVE-2020-9593)
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2021-07-02
Updated:
2021-07-02

ID:
CISEC:8740
Title:
oval:org.cisecurity:def:8740: Multiple vulnerabilities in Adobe Acrobat and Reader versions 2020.013.20074 and earlier, 2020.001.30018 and earlier, and 2017.011.30188 and earlier
Type:
Software
Bulletins:
CISEC:8740
Severity:
Low
Description:
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21046) Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21017) Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Path Traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21037) Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Integer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21036) Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated attacker could leverage this vulnerability to elevate privileges in the context of the current user. (CVE-2021-21045) Acrobat Pro DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use-after-free vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21061) Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a null pointer dereference vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve denial of service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21057) Adobe Acrobat Pro DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21060) Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to arbitrary disclosure of information in the memory stack. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21042) Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally elevate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21034) Out-of-bounds Read (CVE-2021-21089) Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21044, CVE-2021-21038) Out-of-bounds Write (CVE-2021-21086) Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21058, CVE-2021-21059, CVE-2021-21062, CVE-2021-21063) Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21041, CVE-2021-21040, CVE-2021-21039, CVE-2021-21035, CVE-2021-21033, CVE-2021-21028, CVE-2021-21021) Use After Free (CVE-2021-21088) Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker would have the ability to completely manipulate data in a certified PDF without invalidating the original certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file. (CVE-2021-28545) Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker could leverage this vulnerability to modify content in a certified PDF without invalidating the certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file. (CVE-2021-28546)
Applies to:
Adobe Acrobat 2017
Adobe Acrobat 2020
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader 2020
Adobe Reader DC Continuous
Created:
2021-07-02
Updated:
2021-07-02

ID:
CISEC:8738
Title:
oval:org.cisecurity:def:8738: HTTP Protocol Stack Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8738
CVE-2021-31166
Severity:
Critical
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8737
Title:
oval:org.cisecurity:def:8737: Windows Container Manager Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8737
CVE-2021-31165
Severity:
Moderate
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8736
Title:
oval:org.cisecurity:def:8736: Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8736
CVE-2021-28476
Severity:
Moderate
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8735
Title:
oval:org.cisecurity:def:8735: Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8735
CVE-2021-31190
Severity:
Moderate
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8734
Title:
oval:org.cisecurity:def:8734: Windows SSDP Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8734
CVE-2021-31193
Severity:
Moderate
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8733
Title:
oval:org.cisecurity:def:8733: OLE Automation Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8733
CVE-2021-31194
Severity:
Moderate
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8732
Title:
oval:org.cisecurity:def:8732: Windows Graphics Component Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8732
CVE-2021-31170
Severity:
Moderate
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8731
Title:
oval:org.cisecurity:def:8731: Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8731
CVE-2021-31184
Severity:
Low
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8730
Title:
oval:org.cisecurity:def:8730: Windows WalletService Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8730
CVE-2021-31187
Severity:
Critical
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8729
Title:
oval:org.cisecurity:def:8729: Windows Container Manager Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8729
CVE-2021-31208
Severity:
Moderate
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8728
Title:
oval:org.cisecurity:def:8728: Windows Media Foundation Core Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8728
CVE-2021-31192
Severity:
Moderate
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8727
Title:
oval:org.cisecurity:def:8727: Windows Container Manager Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8727
CVE-2021-31167
Severity:
Moderate
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8726
Title:
oval:org.cisecurity:def:8726: Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8726
CVE-2021-31191
Severity:
Low
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8725
Title:
oval:org.cisecurity:def:8725: Windows Wireless Networking Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:8725
CVE-2020-26144
Severity:
Low
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8724
Title:
oval:org.cisecurity:def:8724: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8724
CVE-2021-31186
Severity:
Moderate
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8723
Title:
oval:org.cisecurity:def:8723: Windows Wireless Networking Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:8723
CVE-2020-24588
Severity:
Low
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8722
Title:
oval:org.cisecurity:def:8722: Windows Graphics Component Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8722
CVE-2021-31188
Severity:
Low
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8721
Title:
oval:org.cisecurity:def:8721: Windows Wireless Networking Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8721
CVE-2020-24587
Severity:
Low
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8720
Title:
oval:org.cisecurity:def:8720: Windows Container Manager Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8720
CVE-2021-31169
Severity:
Moderate
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8719
Title:
oval:org.cisecurity:def:8719: Windows CSC Service Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8719
CVE-2021-28479
Severity:
Low
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8718
Title:
oval:org.cisecurity:def:8718: Windows Desktop Bridge Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8718
CVE-2021-31185
Severity:
Low
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8717
Title:
oval:org.cisecurity:def:8717: Windows Container Manager Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8717
CVE-2021-31168
Severity:
Moderate
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8716
Title:
oval:org.cisecurity:def:8716: Microsoft Bluetooth Driver Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:8716
CVE-2021-31182
Severity:
Moderate
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8715
Title:
oval:org.cisecurity:def:8715: Windows SMB Client Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8715
CVE-2021-31205
Severity:
Moderate
Description:
Applies to:
Created:
2021-06-11
Updated:
2022-05-25

ID:
CISEC:8714
Title:
oval:org.cisecurity:def:8714: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8714
CVE-2021-28434
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8713
Title:
oval:org.cisecurity:def:8713: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8713
CVE-2021-28330
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8712
Title:
oval:org.cisecurity:def:8712: Windows AppX Deployment Server Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8712
CVE-2021-28326
Severity:
Low
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8711
Title:
oval:org.cisecurity:def:8711: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8711
CVE-2021-28329
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8710
Title:
oval:org.cisecurity:def:8710: Microsoft Internet Messaging API Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8710
CVE-2021-27089
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8709
Title:
oval:org.cisecurity:def:8709: Windows TCP/IP Driver Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8709
CVE-2021-28439
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8708
Title:
oval:org.cisecurity:def:8708: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8708
CVE-2021-28337
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8707
Title:
oval:org.cisecurity:def:8707: Windows GDI+ Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8707
CVE-2021-28348
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8706
Title:
oval:org.cisecurity:def:8706: Windows Speech Runtime Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8706
CVE-2021-28351
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8705
Title:
oval:org.cisecurity:def:8705: Windows Media Video Decoder Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8705
CVE-2021-27095
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8704
Title:
oval:org.cisecurity:def:8704: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8704
CVE-2021-28355
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8703
Title:
oval:org.cisecurity:def:8703: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8703
CVE-2021-28343
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8702
Title:
oval:org.cisecurity:def:8702: Windows GDI+ Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8702
CVE-2021-28350
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8701
Title:
oval:org.cisecurity:def:8701: Windows SMB Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8701
CVE-2021-28324
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8700
Title:
oval:org.cisecurity:def:8700: Windows Speech Runtime Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8700
CVE-2021-28347
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8699
Title:
oval:org.cisecurity:def:8699: Windows Installer Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8699
CVE-2021-26415
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8698
Title:
oval:org.cisecurity:def:8698: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8698
CVE-2021-28353
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8697
Title:
oval:org.cisecurity:def:8697: Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8697
CVE-2021-28447
Severity:
Low
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8696
Title:
oval:org.cisecurity:def:8696: Windows Media Video Decoder Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8696
CVE-2021-28315
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8695
Title:
oval:org.cisecurity:def:8695: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8695
CVE-2021-28352
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8694
Title:
oval:org.cisecurity:def:8694: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8694
CVE-2021-28327
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8693
Title:
oval:org.cisecurity:def:8693: Windows Hyper-V Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8693
CVE-2021-28444
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8692
Title:
oval:org.cisecurity:def:8692: Windows Overlay Filter Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8692
CVE-2021-26417
Severity:
Low
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8691
Title:
oval:org.cisecurity:def:8691: Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8691
CVE-2021-28316
Severity:
Low
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8690
Title:
oval:org.cisecurity:def:8690: Windows Console Driver Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8690
CVE-2021-28443
Severity:
Low
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8689
Title:
oval:org.cisecurity:def:8689: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8689
CVE-2021-28346
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8688
Title:
oval:org.cisecurity:def:8688: Windows Portmapping Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8688
CVE-2021-28446
Severity:
Low
Description:
N/A
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8687
Title:
oval:org.cisecurity:def:8687: Windows Services and Controller App Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8687
CVE-2021-27086
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8686
Title:
oval:org.cisecurity:def:8686: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8686
CVE-2021-28354
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8685
Title:
oval:org.cisecurity:def:8685: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8685
CVE-2021-28344
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8684
Title:
oval:org.cisecurity:def:8684: Windows TCP/IP Driver Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8684
CVE-2021-28319
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8683
Title:
oval:org.cisecurity:def:8683: Windows DNS Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8683
CVE-2021-28323
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8682
Title:
oval:org.cisecurity:def:8682: Windows Installer Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8682
CVE-2021-28440
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8681
Title:
oval:org.cisecurity:def:8681: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8681
CVE-2021-28356
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8680
Title:
oval:org.cisecurity:def:8680: Windows Media Photo Codec Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8680
CVE-2021-27079
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8679
Title:
oval:org.cisecurity:def:8679: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8679
CVE-2021-28331
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8678
Title:
oval:org.cisecurity:def:8678: Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8678
CVE-2021-28320
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8677
Title:
oval:org.cisecurity:def:8677: Windows TCP/IP Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8677
CVE-2021-28442
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8676
Title:
oval:org.cisecurity:def:8676: Windows Hyper-V Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8676
CVE-2021-28314
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8675
Title:
oval:org.cisecurity:def:8675: Windows GDI+ Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8675
CVE-2021-28318
Severity:
Low
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8674
Title:
oval:org.cisecurity:def:8674: Windows DNS Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8674
CVE-2021-28328
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8673
Title:
oval:org.cisecurity:def:8673: Microsoft Windows Codecs Library Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8673
CVE-2021-28317
Severity:
Low
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8672
Title:
oval:org.cisecurity:def:8672: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8672
CVE-2021-28334
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8671
Title:
oval:org.cisecurity:def:8671: Windows Installer Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:8671
CVE-2021-26413
Severity:
Low
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8670
Title:
oval:org.cisecurity:def:8670: Windows Application Compatibility Cache Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8670
CVE-2021-28311
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8669
Title:
oval:org.cisecurity:def:8669: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8669
CVE-2021-28332
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8668
Title:
oval:org.cisecurity:def:8668: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8668
CVE-2021-27072
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8667
Title:
oval:org.cisecurity:def:8667: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8667
CVE-2021-28333
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8666
Title:
oval:org.cisecurity:def:8666: Windows GDI+ Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8666
CVE-2021-28349
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8665
Title:
oval:org.cisecurity:def:8665: Windows Speech Runtime Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8665
CVE-2021-28436
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8664
Title:
oval:org.cisecurity:def:8664: Azure AD Web Sign-in Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8664
CVE-2021-27092
Severity:
Critical
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8663
Title:
oval:org.cisecurity:def:8663: Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8663
CVE-2021-27090
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8662
Title:
oval:org.cisecurity:def:8662: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8662
CVE-2021-28345
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8661
Title:
oval:org.cisecurity:def:8661: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8661
CVE-2021-28309
Severity:
Low
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8660
Title:
oval:org.cisecurity:def:8660: Windows Event Tracing Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8660
CVE-2021-28435
Severity:
Low
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8659
Title:
oval:org.cisecurity:def:8659: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8659
CVE-2021-28339
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8658
Title:
oval:org.cisecurity:def:8658: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8658
CVE-2021-28342
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8657
Title:
oval:org.cisecurity:def:8657: Windows Hyper-V Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8657
CVE-2021-28441
Severity:
Low
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8656
Title:
oval:org.cisecurity:def:8656: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8656
CVE-2021-28340
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8655
Title:
oval:org.cisecurity:def:8655: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8655
CVE-2021-28341
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8654
Title:
oval:org.cisecurity:def:8654: NTFS Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8654
CVE-2021-27096
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8653
Title:
oval:org.cisecurity:def:8653: Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8653
CVE-2021-27094
Severity:
Low
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8652
Title:
oval:org.cisecurity:def:8652: Windows Installer Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8652
CVE-2021-28437
Severity:
Low
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8651
Title:
oval:org.cisecurity:def:8651: Windows NTFS Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8651
CVE-2021-28312
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8650
Title:
oval:org.cisecurity:def:8650: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8650
CVE-2021-28338
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8649
Title:
oval:org.cisecurity:def:8649: Windows Network File System Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8649
CVE-2021-28445
Severity:
Moderate
Description:
N/A
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8648
Title:
oval:org.cisecurity:def:8648: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8648
CVE-2021-28336
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8647
Title:
oval:org.cisecurity:def:8647: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8647
CVE-2021-28358
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8646
Title:
oval:org.cisecurity:def:8646: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8646
CVE-2021-28335
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8645
Title:
oval:org.cisecurity:def:8645: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8645
CVE-2021-27093
Severity:
Low
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8644
Title:
oval:org.cisecurity:def:8644: Windows SMB Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8644
CVE-2021-28325
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8643
Title:
oval:org.cisecurity:def:8643: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8643
CVE-2021-28357
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8642
Title:
oval:org.cisecurity:def:8642: Windows Event Tracing Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8642
CVE-2021-27088
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8641
Title:
oval:org.cisecurity:def:8641: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8641
CVE-2021-28310
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8640
Title:
oval:org.cisecurity:def:8640: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8640
CVE-2021-26416
Severity:
Critical
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8639
Title:
oval:org.cisecurity:def:8639: RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8639
CVE-2021-27091
Severity:
Moderate
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8638
Title:
oval:org.cisecurity:def:8638: Windows Console Driver Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8638
CVE-2021-28438
Severity:
Low
Description:
Applies to:
Created:
2021-05-14
Updated:
2022-05-25

ID:
CISEC:8637
Title:
oval:org.cisecurity:def:8637: Windows Event Tracing Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8637
CVE-2021-26872
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8636
Title:
oval:org.cisecurity:def:8636: Windows Virtual Registry Provider Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8636
CVE-2021-26864
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8635
Title:
oval:org.cisecurity:def:8635: Windows Update Stack Setup Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8635
CVE-2021-1729
Severity:
Critical
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8634
Title:
oval:org.cisecurity:def:8634: OpenType Font Parsing Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8634
CVE-2021-26876
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8633
Title:
oval:org.cisecurity:def:8633: Windows Extensible Firmware Interface Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8633
CVE-2021-26892
Severity:
Low
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8632
Title:
oval:org.cisecurity:def:8632: Windows Error Reporting Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8632
CVE-2021-24090
Severity:
Critical
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8631
Title:
oval:org.cisecurity:def:8631: Windows Print Spooler Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8631
CVE-2021-1640
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8630
Title:
oval:org.cisecurity:def:8630: Windows Container Execution Agent Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8630
CVE-2021-26865
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8629
Title:
oval:org.cisecurity:def:8629: Windows WalletService Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8629
CVE-2021-26871
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8628
Title:
oval:org.cisecurity:def:8628: Windows Update Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8628
CVE-2021-26866
Severity:
Low
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8627
Title:
oval:org.cisecurity:def:8627: Windows Print Spooler Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8627
CVE-2021-26878
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8626
Title:
oval:org.cisecurity:def:8626: Windows Installer Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8626
CVE-2021-26862
Severity:
Critical
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8625
Title:
oval:org.cisecurity:def:8625: Windows Graphics Component Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8625
CVE-2021-26861
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8624
Title:
oval:org.cisecurity:def:8624: Windows DNS Server Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8624
CVE-2021-26897
Severity:
Critical
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8623
Title:
oval:org.cisecurity:def:8623: Windows Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8623
CVE-2021-27077
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8622
Title:
oval:org.cisecurity:def:8622: Storage Spaces Controller Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8622
CVE-2021-26880
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8621
Title:
oval:org.cisecurity:def:8621: Windows Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8621
CVE-2021-26900
Severity:
Critical
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8620
Title:
oval:org.cisecurity:def:8620: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8620
CVE-2021-26881
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8619
Title:
oval:org.cisecurity:def:8619: DirectX Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8619
CVE-2021-24095
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8618
Title:
oval:org.cisecurity:def:8618: Windows Container Execution Agent Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8618
CVE-2021-26891
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8617
Title:
oval:org.cisecurity:def:8617: Windows DNS Server Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8617
CVE-2021-27063
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8616
Title:
oval:org.cisecurity:def:8616: Windows User Profile Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8616
CVE-2021-26873
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8615
Title:
oval:org.cisecurity:def:8615: Windows Update Stack Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8615
CVE-2021-26889
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8614
Title:
oval:org.cisecurity:def:8614: Windows DNS Server Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8614
CVE-2021-26894
Severity:
Critical
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8613
Title:
oval:org.cisecurity:def:8613: Windows Event Tracing Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8613
CVE-2021-24107
Severity:
Low
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8612
Title:
oval:org.cisecurity:def:8612: Windows Projected File System Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8612
CVE-2021-26870
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8611
Title:
oval:org.cisecurity:def:8611: Windows UPnP Device Host Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8611
CVE-2021-26899
Severity:
Critical
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8610
Title:
oval:org.cisecurity:def:8610: Windows Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8610
CVE-2021-26875
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8609
Title:
oval:org.cisecurity:def:8609: Windows Event Tracing Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8609
CVE-2021-26901
Severity:
Critical
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8608
Title:
oval:org.cisecurity:def:8608: Windows App-V Overlay Filter Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8608
CVE-2021-26860
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8607
Title:
oval:org.cisecurity:def:8607: Windows Media Photo Codec Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8607
CVE-2021-26884
Severity:
Low
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8606
Title:
oval:org.cisecurity:def:8606: Windows 10 Update Assistant Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8606
CVE-2021-27070
Severity:
Critical
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8605
Title:
oval:org.cisecurity:def:8605: Windows DNS Server Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8605
CVE-2021-26895
Severity:
Critical
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8604
Title:
oval:org.cisecurity:def:8604: Windows Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8604
CVE-2021-26867
Severity:
Critical
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8603
Title:
oval:org.cisecurity:def:8603: Windows Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8603
CVE-2021-26863
Severity:
Critical
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8602
Title:
oval:org.cisecurity:def:8602: Windows DNS Server Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8602
CVE-2021-26896
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8601
Title:
oval:org.cisecurity:def:8601: User Profile Service Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8601
CVE-2021-26886
Severity:
Low
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8600
Title:
oval:org.cisecurity:def:8600: Windows WalletService Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8600
CVE-2021-26885
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8599
Title:
oval:org.cisecurity:def:8599: Windows ActiveX Installer Service Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8599
CVE-2021-26869
Severity:
Low
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8598
Title:
oval:org.cisecurity:def:8598: Windows DNS Server Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8598
CVE-2021-26893
Severity:
Critical
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8597
Title:
oval:org.cisecurity:def:8597: Windows Event Tracing Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8597
CVE-2021-26898
Severity:
Critical
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8596
Title:
oval:org.cisecurity:def:8596: Microsoft Windows Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8596
CVE-2020-17162
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8595
Title:
oval:org.cisecurity:def:8595: Windows Overlay Filter Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8595
CVE-2021-26874
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8594
Title:
oval:org.cisecurity:def:8594: Windows Graphics Component Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8594
CVE-2021-26868
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8593
Title:
oval:org.cisecurity:def:8593: Application Virtualization Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8593
CVE-2021-26890
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8592
Title:
oval:org.cisecurity:def:8592: Windows DNS Server Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8592
CVE-2021-26877
Severity:
Critical
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8591
Title:
oval:org.cisecurity:def:8591: Windows NAT Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8591
CVE-2021-26879
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8590
Title:
oval:org.cisecurity:def:8590: Remote Access API Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8590
CVE-2021-26882
Severity:
Moderate
Description:
Applies to:
Created:
2021-04-16
Updated:
2022-05-25

ID:
CISEC:8589
Title:
oval:org.cisecurity:def:8589: Windows Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8589
CVE-2021-1732
Severity:
Moderate
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8588
Title:
oval:org.cisecurity:def:8588: Windows Address Book Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8588
CVE-2021-24083
Severity:
Moderate
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8587
Title:
oval:org.cisecurity:def:8587: Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8587
CVE-2021-24082
Severity:
Moderate
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8586
Title:
oval:org.cisecurity:def:8586: Windows Remote Procedure Call Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8586
CVE-2021-1734
Severity:
Moderate
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8585
Title:
oval:org.cisecurity:def:8585: Windows Graphics Component Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8585
CVE-2021-24093
Severity:
Moderate
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8584
Title:
oval:org.cisecurity:def:8584: Windows Network File System Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8584
CVE-2021-24075
Severity:
Low
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8583
Title:
oval:org.cisecurity:def:8583: Windows Event Tracing Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8583
CVE-2021-24102
Severity:
Moderate
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8582
Title:
oval:org.cisecurity:def:8582: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8582
CVE-2021-24096
Severity:
Moderate
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8581
Title:
oval:org.cisecurity:def:8581: Windows Fax Service Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8581
CVE-2021-24077
Severity:
Critical
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8580
Title:
oval:org.cisecurity:def:8580: Windows Trust Verification API Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8580
CVE-2021-24080
Severity:
Moderate
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8579
Title:
oval:org.cisecurity:def:8579: Windows TCP/IP Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8579
CVE-2021-24094
Severity:
Critical
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8578
Title:
oval:org.cisecurity:def:8578: Microsoft Windows VMSwitch Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8578
CVE-2021-24076
Severity:
Low
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8577
Title:
oval:org.cisecurity:def:8577: Windows TCP/IP Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8577
CVE-2021-24086
Severity:
Moderate
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8576
Title:
oval:org.cisecurity:def:8576: Windows TCP/IP Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8576
CVE-2021-24074
Severity:
Critical
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8575
Title:
oval:org.cisecurity:def:8575: Windows Backup Engine Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8575
CVE-2021-24079
Severity:
Low
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8574
Title:
oval:org.cisecurity:def:8574: Windows PKU2U Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8574
CVE-2021-25195
Severity:
Moderate
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8573
Title:
oval:org.cisecurity:def:8573: Windows Fax Service Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8573
CVE-2021-1722
Severity:
Critical
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8572
Title:
oval:org.cisecurity:def:8572: PFX Encryption Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8572
CVE-2021-1731
Severity:
Low
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8571
Title:
oval:org.cisecurity:def:8571: Windows Console Driver Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8571
CVE-2021-24098
Severity:
Low
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8570
Title:
oval:org.cisecurity:def:8570: Windows Event Tracing Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8570
CVE-2021-24103
Severity:
Moderate
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8569
Title:
oval:org.cisecurity:def:8569: Windows Mobile Device Management Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8569
CVE-2021-24084
Severity:
Moderate
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8568
Title:
oval:org.cisecurity:def:8568: Microsoft Windows Codecs Library Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8568
CVE-2021-24081
Severity:
Moderate
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8567
Title:
oval:org.cisecurity:def:8567: Windows DNS Server Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8567
CVE-2021-24078
Severity:
Critical
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8566
Title:
oval:org.cisecurity:def:8566: Windows Installer Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8566
CVE-2021-1727
Severity:
Moderate
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8565
Title:
oval:org.cisecurity:def:8565: Windows Camera Codec Pack Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8565
CVE-2021-24091
Severity:
Moderate
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8564
Title:
oval:org.cisecurity:def:8564: Windows DirectX Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8564
CVE-2021-24106
Severity:
Low
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8563
Title:
oval:org.cisecurity:def:8563: Windows Local Spooler Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8563
CVE-2021-24088
Severity:
Moderate
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8562
Title:
oval:org.cisecurity:def:8562: Windows Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8562
CVE-2021-1698
Severity:
Moderate
Description:
Applies to:
Created:
2021-03-17
Updated:
2022-05-25

ID:
CISEC:8561
Title:
oval:org.cisecurity:def:8561: Windows CSC Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8561
CVE-2021-1653
Severity:
Critical
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8560
Title:
oval:org.cisecurity:def:8560: Windows InstallService Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8560
CVE-2021-1697
Severity:
Critical
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8559
Title:
oval:org.cisecurity:def:8559: Windows WalletService Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8559
CVE-2021-1690
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8558
Title:
oval:org.cisecurity:def:8558: Microsoft splwow64 Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8558
CVE-2021-1648
Severity:
Critical
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8557
Title:
oval:org.cisecurity:def:8557: Windows Bluetooth Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8557
CVE-2021-1683
Severity:
Low
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8556
Title:
oval:org.cisecurity:def:8556: Windows CSC Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8556
CVE-2021-1655
Severity:
Critical
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8555
Title:
oval:org.cisecurity:def:8555: Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8555
CVE-2021-1676
Severity:
Low
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8554
Title:
oval:org.cisecurity:def:8554: Windows GDI+ Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8554
CVE-2021-1708
Severity:
Low
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8553
Title:
oval:org.cisecurity:def:8553: Windows CSC Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8553
CVE-2021-1688
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8552
Title:
oval:org.cisecurity:def:8552: Windows Docker Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8552
CVE-2021-1645
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8551
Title:
oval:org.cisecurity:def:8551: Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8551
CVE-2021-1691
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8550
Title:
oval:org.cisecurity:def:8550: Windows WalletService Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8550
CVE-2021-1687
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8549
Title:
oval:org.cisecurity:def:8549: NTLM Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8549
CVE-2021-1678
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8548
Title:
oval:org.cisecurity:def:8548: Windows LUAFV Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8548
CVE-2021-1706
Severity:
Critical
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8547
Title:
oval:org.cisecurity:def:8547: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8547
CVE-2021-1666
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8546
Title:
oval:org.cisecurity:def:8546: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8546
CVE-2021-1700
Severity:
Critical
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8545
Title:
oval:org.cisecurity:def:8545: Windows WLAN Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8545
CVE-2021-1646
Severity:
Critical
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8544
Title:
oval:org.cisecurity:def:8544: Active Template Library Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8544
CVE-2021-1649
Severity:
Critical
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8543
Title:
oval:org.cisecurity:def:8543: Windows Event Tracing Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8543
CVE-2021-1662
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8542
Title:
oval:org.cisecurity:def:8542: Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8542
CVE-2021-1674
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8541
Title:
oval:org.cisecurity:def:8541: Windows Event Logging Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8541
CVE-2021-1703
Severity:
Critical
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8540
Title:
oval:org.cisecurity:def:8540: Windows DNS Query Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8540
CVE-2021-1637
Severity:
Low
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8539
Title:
oval:org.cisecurity:def:8539: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8539
CVE-2021-1673
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8538
Title:
oval:org.cisecurity:def:8538: Windows Hyper-V Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8538
CVE-2021-1704
Severity:
Critical
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8537
Title:
oval:org.cisecurity:def:8537: Windows Update Stack Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8537
CVE-2021-1694
Severity:
Critical
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8536
Title:
oval:org.cisecurity:def:8536: Windows Bluetooth Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8536
CVE-2021-1684
Severity:
Low
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8535
Title:
oval:org.cisecurity:def:8535: Windows CSC Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8535
CVE-2021-1659
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8534
Title:
oval:org.cisecurity:def:8534: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8534
CVE-2021-1682
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8533
Title:
oval:org.cisecurity:def:8533: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8533
CVE-2021-1671
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8532
Title:
oval:org.cisecurity:def:8532: Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8532
CVE-2021-1702
Severity:
Critical
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8531
Title:
oval:org.cisecurity:def:8531: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8531
CVE-2021-1710
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8530
Title:
oval:org.cisecurity:def:8530: Windows Bluetooth Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8530
CVE-2021-1638
Severity:
Low
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8529
Title:
oval:org.cisecurity:def:8529: Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8529
CVE-2021-1650
Severity:
Critical
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8528
Title:
oval:org.cisecurity:def:8528: Windows WalletService Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8528
CVE-2021-1686
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8527
Title:
oval:org.cisecurity:def:8527: Windows Graphics Component Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8527
CVE-2021-1696
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8526
Title:
oval:org.cisecurity:def:8526: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8526
CVE-2021-1660
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8525
Title:
oval:org.cisecurity:def:8525: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8525
CVE-2021-1701
Severity:
Critical
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8524
Title:
oval:org.cisecurity:def:8524: Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8524
CVE-2021-1642
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8523
Title:
oval:org.cisecurity:def:8523: Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8523
CVE-2021-1663
Severity:
Low
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8522
Title:
oval:org.cisecurity:def:8522: Windows Print Spooler Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8522
CVE-2021-1695
Severity:
Critical
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8521
Title:
oval:org.cisecurity:def:8521: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8521
CVE-2021-1658
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8520
Title:
oval:org.cisecurity:def:8520: Windows CryptoAPI Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8520
CVE-2021-1679
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8519
Title:
oval:org.cisecurity:def:8519: Windows CSC Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8519
CVE-2021-1652
Severity:
Critical
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8518
Title:
oval:org.cisecurity:def:8518: Windows Fax Compose Form Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8518
CVE-2021-1657
Severity:
Critical
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8517
Title:
oval:org.cisecurity:def:8517: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8517
CVE-2021-1664
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8516
Title:
oval:org.cisecurity:def:8516: Windows Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8516
CVE-2021-1709
Severity:
Critical
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8515
Title:
oval:org.cisecurity:def:8515: Windows Multipoint Management Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8515
CVE-2021-1689
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8514
Title:
oval:org.cisecurity:def:8514: Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8514
CVE-2021-1668
Severity:
Critical
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8513
Title:
oval:org.cisecurity:def:8513: Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8513
CVE-2021-1670
Severity:
Low
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8512
Title:
oval:org.cisecurity:def:8512: Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8512
CVE-2021-1685
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8511
Title:
oval:org.cisecurity:def:8511: Windows (modem.sys) Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8511
CVE-2021-1699
Severity:
Low
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8510
Title:
oval:org.cisecurity:def:8510: Windows CSC Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8510
CVE-2021-1693
Severity:
Critical
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8509
Title:
oval:org.cisecurity:def:8509: GDI+ Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8509
CVE-2021-1665
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8508
Title:
oval:org.cisecurity:def:8508: Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:8508
CVE-2021-1692
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8507
Title:
oval:org.cisecurity:def:8507: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8507
CVE-2021-1667
Severity:
Critical
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8506
Title:
oval:org.cisecurity:def:8506: Windows Installer Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8506
CVE-2021-1661
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8505
Title:
oval:org.cisecurity:def:8505: Windows WalletService Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8505
CVE-2021-1681
Severity:
Moderate
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8504
Title:
oval:org.cisecurity:def:8504: Windows CSC Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8504
CVE-2021-1654
Severity:
Critical
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8503
Title:
oval:org.cisecurity:def:8503: Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8503
CVE-2021-1672
Severity:
Low
Description:
Applies to:
Created:
2021-02-12
Updated:
2022-05-25

ID:
CISEC:8502
Title:
oval:org.cisecurity:def:8502: Windows SMB Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8502
CVE-2020-17140
Severity:
Moderate
Description:
Applies to:
Created:
2021-01-08
Updated:
2022-05-25

ID:
CISEC:8501
Title:
oval:org.cisecurity:def:8501: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8501
CVE-2020-17103
Severity:
Critical
Description:
Applies to:
Created:
2021-01-08
Updated:
2022-05-25

ID:
CISEC:8500
Title:
oval:org.cisecurity:def:8500: Windows Error Reporting Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8500
CVE-2020-17094
Severity:
Low
Description:
Applies to:
Created:
2021-01-08
Updated:
2022-05-25

ID:
CISEC:8499
Title:
oval:org.cisecurity:def:8499: Windows Backup Engine Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8499
CVE-2020-16963
Severity:
Critical
Description:
Applies to:
Created:
2021-01-08
Updated:
2022-05-25

ID:
CISEC:8498
Title:
oval:org.cisecurity:def:8498: Windows Network Connections Service Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8498
CVE-2020-17092
Severity:
Critical
Description:
Applies to:
Created:
2021-01-08
Updated:
2022-05-25

ID:
CISEC:8497
Title:
oval:org.cisecurity:def:8497: Windows Backup Engine Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8497
CVE-2020-16961
Severity:
Critical
Description:
Applies to:
Created:
2021-01-08
Updated:
2022-05-25

ID:
CISEC:8496
Title:
oval:org.cisecurity:def:8496: Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8496
CVE-2020-17095
Severity:
Critical
Description:
Applies to:
Created:
2021-01-08
Updated:
2022-05-25

ID:
CISEC:8495
Title:
oval:org.cisecurity:def:8495: Windows Backup Engine Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8495
CVE-2020-16964
Severity:
Critical
Description:
Applies to:
Created:
2021-01-08
Updated:
2022-05-25

ID:
CISEC:8494
Title:
oval:org.cisecurity:def:8494: Kerberos Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8494
CVE-2020-16996
Severity:
Moderate
Description:
Applies to:
Created:
2021-01-08
Updated:
2022-05-25

ID:
CISEC:8493
Title:
oval:org.cisecurity:def:8493: Windows Backup Engine Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8493
CVE-2020-16958
Severity:
Critical
Description:
Applies to:
Created:
2021-01-08
Updated:
2022-05-25

ID:
CISEC:8492
Title:
oval:org.cisecurity:def:8492: Windows Lock Screen Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8492
CVE-2020-17099
Severity:
Moderate
Description:
Applies to:
Created:
2021-01-08
Updated:
2022-05-25

ID:
CISEC:8491
Title:
oval:org.cisecurity:def:8491: Windows Backup Engine Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8491
CVE-2020-16959
Severity:
Critical
Description:
Applies to:
Created:
2021-01-08
Updated:
2022-05-25

ID:
CISEC:8490
Title:
oval:org.cisecurity:def:8490: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8490
CVE-2020-17134
Severity:
Moderate
Description:
Applies to:
Created:
2021-01-08
Updated:
2022-05-25

ID:
CISEC:8489
Title:
oval:org.cisecurity:def:8489: Windows GDI+ Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8489
CVE-2020-17098
Severity:
Low
Description:
Applies to:
Created:
2021-01-08
Updated:
2022-05-25

ID:
CISEC:8488
Title:
oval:org.cisecurity:def:8488: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8488
CVE-2020-17136
Severity:
Moderate
Description:
Applies to:
Created:
2021-01-08
Updated:
2022-05-25

ID:
CISEC:8487
Title:
oval:org.cisecurity:def:8487: Windows NTFS Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:8487
CVE-2020-17096
Severity:
Critical
Description:
Applies to:
Created:
2021-01-08
Updated:
2022-05-25

ID:
CISEC:8486
Title:
oval:org.cisecurity:def:8486: DirectX Graphics Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8486
CVE-2020-17137
Severity:
Moderate
Description:
Applies to:
Created:
2021-01-08
Updated:
2022-05-25

ID:
CISEC:8485
Title:
oval:org.cisecurity:def:8485: Windows Backup Engine Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8485
CVE-2020-16962
Severity:
Critical
Description:
Applies to:
Created:
2021-01-08
Updated:
2022-05-25

ID:
CISEC:8484
Title:
oval:org.cisecurity:def:8484: Windows Backup Engine Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8484
CVE-2020-16960
Severity:
Critical
Description:
Applies to:
Created:
2021-01-08
Updated:
2022-05-25

ID:
CISEC:8483
Title:
oval:org.cisecurity:def:8483: Windows Digital Media Receiver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:8483
CVE-2020-17097
Severity:
Moderate
Description:
Applies to:
Created:
2021-01-08
Updated:
2022-05-25

ID:
CISEC:8482
Title:
oval:org.cisecurity:def:8482: Windows Overlay Filter Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:8482
CVE-2020-17139
Severity:
Moderate
Description:
Applies to:
Created:
2021-01-08
Updated:
2022-05-25

ID:
CISEC:8481
Title:
oval:org.cisecurity:def:8481: Windows Error Reporting Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:8481
CVE-2020-17138
Severity:
Low
Description:
Applies to:
Created:
2021-01-08
Updated:
2022-05-25