Filtered by vendor Microsoft
Subscribe
Total
22989 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20444 | 3 Ibm, Linux, Microsoft | 3 Maximo For Civil Infrastructure, Linux Kernel, Windows | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196620.
|
|||||
| CVE-2021-20443 | 3 Ibm, Linux, Microsoft | 3 Maximo For Civil Infrastructure, Linux Kernel, Windows | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. IBM X-Force ID: 196619.
|
|||||
| CVE-2021-20442 | 2 Ibm, Microsoft | 2 Security Verify Bridge, Windows | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Security Verify Bridge contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196618.
|
|||||
| CVE-2021-20441 | 2 Ibm, Microsoft | 2 Security Verify Bridge, Windows | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
IBM Security Verify Bridge uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196617.
|
|||||
| CVE-2021-20431 | 3 Ibm, Linux, Microsoft | 3 I2 Analysts Notebook, Linux Kernel, Windows | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout which could allow an an attacker to obtain sensitive information from the system. IBM X-Force ID: 196342.
|
|||||
| CVE-2021-20430 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196341.
|
|||||
| CVE-2021-20421 | 3 Ibm, Linux, Microsoft | 3 Jazz Team Server, Linux Kernel, Windows | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
|
|||||
| CVE-2021-20373 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521.
|
|||||
| CVE-2021-20355 | 3 Ibm, Linux, Microsoft | 3 Jazz Team Server, Linux Kernel, Windows | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891.
|
|||||
| CVE-2021-20354 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883.
|
|||||
| CVE-2021-20334 | 2 Microsoft, Mongodb | 2 Windows, Compass | 2024-11-21 | 4.6 MEDIUM | 4.8 MEDIUM |
|
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x version 1.3.0 on Windows and later versions; 1.x versions prior to 1.25.0 on Windows.
|
|||||
| CVE-2021-20100 | 2 Microsoft, Tenable | 2 Windows, Nessus | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20099.
|
|||||
| CVE-2021-20099 | 2 Microsoft, Tenable | 2 Windows, Nessus | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100.
|
|||||
| CVE-2021-20081 | 2 Microsoft, Zohocorp | 2 Windows, Manageengine Servicedesk Plus | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.
|
|||||
| CVE-2021-1734 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Windows Remote Procedure Call Information Disclosure Vulnerability
|
|||||
| CVE-2021-1733 | 1 Microsoft | 1 Psexec | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Sysinternals PsExec Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-1731 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
PFX Encryption Security Feature Bypass Vulnerability
|
|||||
| CVE-2021-1729 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 7.2 HIGH | 7.1 HIGH |
|
Windows Update Stack Setup Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-1728 | 1 Microsoft | 1 System Center Operations Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
System Center Operations Manager Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-1727 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Windows Installer Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-1726 | 1 Microsoft | 11 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server and 8 more | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
|
Microsoft SharePoint Server Spoofing Vulnerability
|
|||||
| CVE-2021-1725 | 1 Microsoft | 1 Bot Framework Software Development Kit | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Bot Framework SDK Information Disclosure Vulnerability
|
|||||
| CVE-2021-1724 | 1 Microsoft | 2 Dynamics 365 Business Central, Dynamics Nav | 2024-11-21 | 2.3 LOW | 6.1 MEDIUM |
|
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
|
|||||
| CVE-2021-1723 | 2 Fedoraproject, Microsoft | 3 Fedora, Asp.net Core, Visual Studio 2019 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
ASP.NET Core and Visual Studio Denial of Service Vulnerability
|
|||||
| CVE-2021-1722 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
|
Windows Fax Service Remote Code Execution Vulnerability
|
|||||
| CVE-2021-1721 | 1 Microsoft | 5 .net, .net Core, Powershell Core and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
.NET Core and Visual Studio Denial of Service Vulnerability
|
|||||
| CVE-2021-1719 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
|
Microsoft SharePoint Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-1718 | 1 Microsoft | 1 Sharepoint Foundation | 2024-11-21 | 6.5 MEDIUM | 8.0 HIGH |
|
Microsoft SharePoint Server Tampering Vulnerability
|
|||||
| CVE-2021-1717 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 5.8 MEDIUM | 4.6 MEDIUM |
|
Microsoft SharePoint Server Spoofing Vulnerability
|
|||||
| CVE-2021-1716 | 1 Microsoft | 8 365 Apps, Office, Office Online Server and 5 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Microsoft Word Remote Code Execution Vulnerability
|
|||||
| CVE-2021-1715 | 1 Microsoft | 8 365 Apps, Office, Office Online Server and 5 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Microsoft Word Remote Code Execution Vulnerability
|
|||||
| CVE-2021-1714 | 1 Microsoft | 7 365 Apps, Excel, Excel Services and 4 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Microsoft Excel Remote Code Execution Vulnerability
|
|||||
| CVE-2021-1713 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Microsoft Excel Remote Code Execution Vulnerability
|
|||||
| CVE-2021-1712 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
|
Microsoft SharePoint Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-1711 | 1 Microsoft | 2 365 Apps, Office | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Microsoft Office Remote Code Execution Vulnerability
|
|||||
| CVE-2021-1710 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
|
|||||
| CVE-2021-1709 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 7.2 HIGH | 7.0 HIGH |
|
Windows Win32k Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-1708 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 3.5 LOW | 5.7 MEDIUM |
|
Windows GDI+ Information Disclosure Vulnerability
|
|||||
| CVE-2021-1707 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
Microsoft SharePoint Server Remote Code Execution Vulnerability
|
|||||
| CVE-2021-1706 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 9.0 HIGH | 7.3 HIGH |
|
Windows LUAFV Elevation of Privilege Vulnerability
|
|||||