Filtered by vendor Microsoft
Subscribe
Total
22989 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24081 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Microsoft Windows Codecs Library Remote Code Execution Vulnerability
|
|||||
| CVE-2021-24080 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Windows Trust Verification API Denial of Service Vulnerability
|
|||||
| CVE-2021-24079 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Windows Backup Engine Information Disclosure Vulnerability
|
|||||
| CVE-2021-24078 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Windows DNS Server Remote Code Execution Vulnerability
|
|||||
| CVE-2021-24077 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Windows Fax Service Remote Code Execution Vulnerability
|
|||||
| CVE-2021-24076 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Server 2012 and 2 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Microsoft Windows VMSwitch Information Disclosure Vulnerability
|
|||||
| CVE-2021-24075 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-11-21 | 3.5 LOW | 6.8 MEDIUM |
|
Microsoft Windows VMSwitch Denial of Service Vulnerability
|
|||||
| CVE-2021-24074 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Windows TCP/IP Remote Code Execution Vulnerability
|
|||||
| CVE-2021-24073 | 1 Microsoft | 2 Lync Server, Skype For Business Server | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
|
Skype for Business and Lync Spoofing Vulnerability
|
|||||
| CVE-2021-24072 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Microsoft SharePoint Server Remote Code Execution Vulnerability
|
|||||
| CVE-2021-24071 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 4.0 MEDIUM | 5.3 MEDIUM |
|
Microsoft SharePoint Information Disclosure Vulnerability
|
|||||
| CVE-2021-24070 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Microsoft Excel Remote Code Execution Vulnerability
|
|||||
| CVE-2021-24069 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Microsoft Excel Remote Code Execution Vulnerability
|
|||||
| CVE-2021-24068 | 1 Microsoft | 2 Excel, Office Web Apps | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Microsoft Excel Remote Code Execution Vulnerability
|
|||||
| CVE-2021-24067 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Microsoft Excel Remote Code Execution Vulnerability
|
|||||
| CVE-2021-24066 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Microsoft SharePoint Remote Code Execution Vulnerability
|
|||||
| CVE-2021-23827 | 4 Apple, Keybase, Microsoft and 1 more | 4 Macos, Keybase, Windows and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the "Explode message/Explode now" functionality. Local filesystem access is needed by the attacker.
|
|||||
| CVE-2021-23338 | 1 Microsoft | 1 Qlib | 2024-11-21 | 6.5 MEDIUM | 6.6 MEDIUM |
|
This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function.
|
|||||
| CVE-2021-23219 | 3 Linux, Microsoft, Nvidia | 137 Linux Kernel, Windows, Dgx-1 P100 and 134 more | 2024-11-21 | 1.9 LOW | 4.1 MEDIUM |
|
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to access protected information by identifying, exploiting, and loading vulnerable microcode. Such an attack may lead to information disclosure.
|
|||||
| CVE-2021-23217 | 3 Linux, Microsoft, Nvidia | 65 Linux Kernel, Windows, Geforce Gt 605 and 62 more | 2024-11-21 | 6.9 MEDIUM | 7.5 HIGH |
|
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components.
|
|||||
| CVE-2021-23201 | 3 Linux, Microsoft, Nvidia | 37 Linux Kernel, Windows, Geforce Gtx 950 and 34 more | 2024-11-21 | 6.9 MEDIUM | 7.5 HIGH |
|
NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components.
|
|||||
| CVE-2021-23175 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2024-11-21 | 4.4 MEDIUM | 8.2 HIGH |
|
NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.
|
|||||
| CVE-2021-23139 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations.
|
|||||
| CVE-2021-22921 | 3 Microsoft, Nodejs, Siemens | 3 Windows, Node.js, Sinec Infrastructure Network Services | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
|
Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.
|
|||||
| CVE-2021-22004 | 3 Fedoraproject, Microsoft, Saltstack | 3 Fedora, Windows, Salt | 2024-11-21 | 4.4 MEDIUM | 6.4 MEDIUM |
|
An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software.
|
|||||
| CVE-2021-21997 | 2 Microsoft, Vmware | 2 Windows, Tools | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest operating system.
|
|||||
| CVE-2021-21989 | 2 Microsoft, Vmware | 3 Windows, Horizon Client, Workstation | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
|
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.
|
|||||
| CVE-2021-21988 | 2 Microsoft, Vmware | 3 Windows, Horizon Client, Workstation | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
|
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (JPEG2000 Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.
|
|||||
| CVE-2021-21987 | 2 Microsoft, Vmware | 3 Windows, Horizon Client, Workstation | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
|
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.
|
|||||
| CVE-2021-21912 | 2 Advantech, Microsoft | 2 R-seenet, Windows | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2021-21911 | 2 Advantech, Microsoft | 2 R-seenet, Windows | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2021-21910 | 2 Advantech, Microsoft | 2 R-seenet, Windows | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2021-21706 | 2 Microsoft, Php | 2 Windows, Php | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions.
|
|||||
| CVE-2021-21683 | 2 Jenkins, Microsoft | 2 Jenkins, Windows | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows agents) to obtain the contents of arbitrary files.
|
|||||
| CVE-2021-21682 | 2 Jenkins, Microsoft | 2 Jenkins, Windows | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows.
|
|||||
| CVE-2021-21552 | 2 Dell, Microsoft | 4 Wyse 5070 Thin Client, Wyse 5470 All-in-one Thin Client, Wyse 5470 Thin Client and 1 more | 2024-11-21 | 7.2 HIGH | 5.2 MEDIUM |
|
Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system.
|
|||||
| CVE-2021-21384 | 3 Microsoft, Opengroup, Shescape Project | 3 Windows, Unix, Shescape | 2024-11-21 | 4.6 MEDIUM | 6.3 MEDIUM |
|
shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.
|
|||||
| CVE-2021-21292 | 2 Microsoft, Traccar | 2 Windows, Traccar | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
|
Traccar is an open source GPS tracking system. In Traccar before version 4.12 there is an unquoted Windows binary path vulnerability. Only Windows versions are impacted. Attacker needs write access to the filesystem on the host machine. If Java path includes a space, then attacker can lift their privilege to the same as Traccar service (system). This is fixed in version 4.12.
|
|||||
| CVE-2021-21233 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2021-21196 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||