Vulnerabilities (CVE)

Filtered by vendor Microsoft
Total 19961 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-7869 2 Mastersoft, Microsoft 2 Zook, Windows 2024-02-28 9.0 HIGH 8.8 HIGH
An improper input validation vulnerability in ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary files. The ZOOK viewer has the "Tight file CMD" function to create files. An attacker could create and execute arbitrary files in the ZOOK agent program using "Tight file CMD" without authority.
CVE-2021-30621 2 Fedoraproject, Microsoft 3 Fedora, Edge, Edge Chromium 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
Chromium: CVE-2021-30621 UI Spoofing in Autofill
CVE-2021-33776 1 Microsoft 1 Hevc Video Extensions 2024-02-28 6.8 MEDIUM 7.8 HIGH
HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2021-34493 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2024-02-28 4.6 MEDIUM 6.7 MEDIUM
Windows Partition Management Driver Elevation of Privilege Vulnerability
CVE-2021-30622 2 Fedoraproject, Microsoft 3 Fedora, Edge, Edge Chromium 2024-02-28 6.8 MEDIUM 8.8 HIGH
Chromium: CVE-2021-30622 Use after free in WebApp Installs
CVE-2021-31443 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2024-02-28 4.3 MEDIUM 3.3 LOW
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13240.
CVE-2021-20099 2 Microsoft, Tenable 2 Windows, Nessus 2024-02-28 4.6 MEDIUM 6.7 MEDIUM
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100.
CVE-2021-21988 2 Microsoft, Vmware 3 Windows, Horizon Client, Workstation 2024-02-28 2.1 LOW 6.5 MEDIUM
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain an out-of-bounds read vulnerability in the Cortado ThinPrint component (JPEG2000 Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.
CVE-2021-31179 1 Microsoft 5 365 Apps, Excel, Office and 2 more 2024-02-28 6.8 MEDIUM 7.8 HIGH
Microsoft Office Remote Code Execution Vulnerability
CVE-2021-34481 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-02-28 7.5 HIGH 8.8 HIGH
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. UPDATE August 10, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. This security update changes the Point and Print default behavior; please see KB5005652 (https://support.microsoft.com/help/5005652).
CVE-2021-28609 2 Adobe, Microsoft 2 After Effects, Windows 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
Adobe After Effects version 18.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-31466 2 Foxitsoftware, Microsoft 2 3d, Windows 2024-02-28 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13583.
CVE-2021-31958 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-02-28 6.8 MEDIUM 7.5 HIGH
Windows NTLM Elevation of Privilege Vulnerability
CVE-2021-34533 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-02-28 6.8 MEDIUM 7.8 HIGH
Windows Graphics Component Font Parsing Remote Code Execution Vulnerability
CVE-2021-34469 1 Microsoft 2 365 Apps, Office 2024-02-28 5.8 MEDIUM 8.2 HIGH
Microsoft Office Security Feature Bypass Vulnerability
CVE-2020-7819 2 Microsoft, Ntracker 2 Windows, Ntracker Usb Enterprise 2024-02-28 5.0 MEDIUM 7.5 HIGH
A SQL injection vulnerability in nTracker USB Enterprise (secure USB management solution) allows a remote unauthenticated attacker to perform SQL queries to access username, password and other session-related information.
CVE-2021-26472 2 Microsoft, Vembu 3 Windows, Bdr Suite, Offsite Dr 2024-02-28 10.0 HIGH 9.8 CRITICAL
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges.
CVE-2021-31213 1 Microsoft 1 Remote 2024-02-28 6.8 MEDIUM 7.8 HIGH
Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability
CVE-2021-20536 2 Ibm, Microsoft 2 Spectrum Protect Plus, Windows 2024-02-28 2.1 LOW 6.2 MEDIUM
IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836.
CVE-2021-29766 3 Ibm, Linux, Microsoft 3 I2 Analyze, Linux Kernel, Windows 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202680.