Filtered by vendor Microsoft
Total: 19961 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7869 | 2 Mastersoft, Microsoft | 2 Zook, Windows | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
An improper input validation vulnerability in ZOOK software (a remote administration tool) could allow a remote attacker to create arbitrary files. The ZOOK viewer has a "Tight file CMD" function for creating files. An attacker could use "Tight file CMD" to create and execute arbitrary files in the ZOOK agent program without authorization. | |||||
CVE-2021-30621 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Chromium: CVE-2021-30621 UI Spoofing in Autofill | |||||
CVE-2021-33776 | 1 Microsoft | 1 Hevc Video Extensions | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
HEVC Video Extensions Remote Code Execution Vulnerability | |||||
CVE-2021-34493 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
Windows Partition Management Driver Elevation of Privilege Vulnerability | |||||
CVE-2021-30622 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Chromium: CVE-2021-30622 Use after free in WebApp Installs | |||||
CVE-2021-31443 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-02-28 | 4.3 MEDIUM | 3.3 LOW |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13240. | |||||
CVE-2021-20099 | 2 Microsoft, Tenable | 2 Windows, Nessus | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100. | |||||
CVE-2021-21988 | 2 Microsoft, Vmware | 3 Windows, Horizon Client, Workstation | 2024-02-28 | 2.1 LOW | 6.5 MEDIUM |
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain an out-of-bounds read vulnerability in the Cortado ThinPrint component (JPEG2000 Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues, leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed. | |||||
CVE-2021-31179 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Microsoft Office Remote Code Execution Vulnerability | |||||
CVE-2021-34481 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-28 | 7.5 HIGH | 8.8 HIGH |
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. **UPDATE** August 10, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. This security update changes the Point and Print default behavior; please see [KB5005652](https://support.microsoft.com/help/5005652). | |||||
CVE-2021-28609 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Adobe After Effects version 18.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2021-31466 | 2 Foxitsoftware, Microsoft | 2 3d, Windows | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13583. | |||||
CVE-2021-31958 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-28 | 6.8 MEDIUM | 7.5 HIGH |
Windows NTLM Elevation of Privilege Vulnerability | |||||
CVE-2021-34533 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | |||||
CVE-2021-34469 | 1 Microsoft | 2 365 Apps, Office | 2024-02-28 | 5.8 MEDIUM | 8.2 HIGH |
Microsoft Office Security Feature Bypass Vulnerability | |||||
CVE-2020-7819 | 2 Microsoft, Ntracker | 2 Windows, Ntracker Usb Enterprise | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A SQL injection vulnerability in nTracker USB Enterprise (a secure USB management solution) allows a remote unauthenticated attacker to run SQL queries to access usernames, passwords and other session-related information. | |||||
CVE-2021-26472 | 2 Microsoft, Vembu | 3 Windows, Bdr Suite, Offsite Dr | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges. | |||||
CVE-2021-31213 | 1 Microsoft | 1 Remote | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability | |||||
CVE-2021-20536 | 2 Ibm, Microsoft | 2 Spectrum Protect Plus, Windows | 2024-02-28 | 2.1 LOW | 6.2 MEDIUM |
IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836. | |||||
CVE-2021-29766 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202680. |