Filtered by vendor Microsoft
Subscribe
Search
Total
6671 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34530 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-28 | 6.8 MEDIUM | 7.8 HIGH |
| Windows Graphics Component Remote Code Execution Vulnerability | |||||
| CVE-2021-34533 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-28 | 6.8 MEDIUM | 7.8 HIGH |
| Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | |||||
| CVE-2021-34486 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Event Tracing Elevation of Privilege Vulnerability | |||||
| CVE-2021-26433 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | |||||
| CVE-2021-34535 | 1 Microsoft | 9 Remote Desktop, Windows 10, Windows 7 and 6 more | 2023-12-28 | 6.8 MEDIUM | 8.8 HIGH |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||
| CVE-2021-34487 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-28 | 4.6 MEDIUM | 7.0 HIGH |
| Windows Event Tracing Elevation of Privilege Vulnerability | |||||
| CVE-2021-36968 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows DNS Elevation of Privilege Vulnerability | |||||
| CVE-2021-36958 | 1 Microsoft | 1 Windows | 2023-12-28 | 9.3 HIGH | 7.8 HIGH |
| <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> | |||||
| CVE-2021-36967 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-28 | 5.8 MEDIUM | 8.0 HIGH |
| Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-36952 | 1 Microsoft | 2 Visual Studio 2017, Visual Studio 2019 | 2023-12-28 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2021-36974 | 1 Microsoft | 7 Windows 10, Windows 8.1, Windows Rt 8.1 and 4 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows SMB Elevation of Privilege Vulnerability | |||||
| CVE-2021-38628 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||||
| CVE-2021-33762 | 1 Microsoft | 1 Azure Cyclecloud | 2023-12-28 | 4.6 MEDIUM | 7.0 HIGH |
| Azure CycleCloud Elevation of Privilege Vulnerability | |||||
| CVE-2021-38634 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2023-12-28 | 7.2 HIGH | 7.1 HIGH |
| Microsoft Windows Update Client Elevation of Privilege Vulnerability | |||||
| CVE-2021-36966 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability | |||||
| CVE-2021-26435 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2023-12-28 | 6.8 MEDIUM | 8.1 HIGH |
| Windows Scripting Engine Memory Corruption Vulnerability | |||||
| CVE-2021-36933 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | |||||
| CVE-2021-34524 | 1 Microsoft | 1 Dynamics 365 | 2023-12-28 | 6.5 MEDIUM | 8.1 HIGH |
| Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | |||||
| CVE-2021-34484 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows User Profile Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-26423 | 1 Microsoft | 5 .net, .net Core, Powershell Core and 2 more | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| .NET Core and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2021-42322 | 1 Microsoft | 1 Visual Studio Code | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Visual Studio Code Elevation of Privilege Vulnerability | |||||
| CVE-2021-42321 | 1 Microsoft | 1 Exchange Server | 2023-12-28 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-43209 | 1 Microsoft | 1 3d Viewer | 2023-12-28 | 6.8 MEDIUM | 7.8 HIGH |
| 3D Viewer Remote Code Execution Vulnerability | |||||
| CVE-2021-43208 | 1 Microsoft | 1 3d Viewer | 2023-12-28 | 6.8 MEDIUM | 7.8 HIGH |
| 3D Viewer Remote Code Execution Vulnerability | |||||
| CVE-2021-42283 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 4.6 MEDIUM | 8.8 HIGH |
| NTFS Elevation of Privilege Vulnerability | |||||
| CVE-2021-42292 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2023-12-28 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Security Feature Bypass Vulnerability | |||||
| CVE-2021-41372 | 1 Microsoft | 1 Power Bi Report Server | 2023-12-28 | 6.8 MEDIUM | 7.6 HIGH |
| <p>A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and HTML files are accessed directly by the victim.</p> <p>Combining these 2 vulnerabilities together, an attacker is able to upload malicious Power BI templates files to the server using the victim's session and run scripts in the security context of the user and perform privilege escalation in case the victim has admin privileges when the victim access one of the HTML files present in the malicious Power BI template uploaded.</p> <p>The security update addresses the vulnerability by helping to ensure that Power BI Report Server properly sanitize file uploads.</p> | |||||
| CVE-2021-41356 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| Windows Denial of Service Vulnerability | |||||
| CVE-2021-40457 | 1 Microsoft | 1 Dynamics 365 | 2023-12-28 | 4.3 MEDIUM | 7.4 HIGH |
| Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | |||||
| CVE-2021-42285 | 1 Microsoft | 11 Windows 10, Windows 11, Windows 7 and 8 more | 2023-12-28 | 7.2 HIGH | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2021-42296 | 1 Microsoft | 2 365 Apps, Office | 2023-12-28 | 6.9 MEDIUM | 7.8 HIGH |
| Microsoft Word Remote Code Execution Vulnerability | |||||
| CVE-2021-42286 | 1 Microsoft | 3 Windows 10, Windows Server, Windows Server 2016 | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability | |||||
| CVE-2021-42316 | 1 Microsoft | 1 Dynamics 365 | 2023-12-28 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | |||||
| CVE-2021-42298 | 1 Microsoft | 1 Malware Protection Engine | 2023-12-28 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Defender Remote Code Execution Vulnerability | |||||
| CVE-2021-42275 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft COM for Windows Remote Code Execution Vulnerability | |||||
| CVE-2021-42291 | 1 Microsoft | 6 Windows Server, Windows Server 2008, Windows Server 2012 and 3 more | 2023-12-28 | 6.5 MEDIUM | 7.5 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
| CVE-2021-41377 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2021-42282 | 1 Microsoft | 6 Windows Server, Windows Server 2008, Windows Server 2012 and 3 more | 2023-12-28 | 6.5 MEDIUM | 7.5 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
| CVE-2021-40442 | 1 Microsoft | 7 365 Apps, Excel, Office and 4 more | 2023-12-28 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2021-38665 | 1 Microsoft | 11 Remote Desktop, Windows 10, Windows 11 and 8 more | 2023-12-28 | 4.3 MEDIUM | 7.4 HIGH |
| Remote Desktop Protocol Client Information Disclosure Vulnerability | |||||
| CVE-2021-41370 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| NTFS Elevation of Privilege Vulnerability | |||||
| CVE-2021-41366 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | |||||
| CVE-2021-38666 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 6.8 MEDIUM | 8.8 HIGH |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||
| CVE-2021-36957 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Desktop Bridge Elevation of Privilege Vulnerability | |||||
| CVE-2021-42306 | 1 Microsoft | 4 Azure Active Directory, Azure Active Site Recovery, Azure Automation and 1 more | 2023-12-28 | 4.0 MEDIUM | 8.1 HIGH |
| <p>An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate <a href="https://docs.microsoft.com/en-us/graph/api/resources/keycredential?view=graph-rest-1.0">keyCredential</a>? on an Azure AD <a href="https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals">Application or Service Principal</a> (which is not recommended). This vulnerability allows a user or service in the tenant with application read access to read the private key data that was added to the application.</p> <p>Azure AD?addressed this vulnerability by preventing disclosure of any private key?values added?to the application.</p> <p>Microsoft has identified services that could manifest this vulnerability, and steps that customers should take to be protected. Refer to the FAQ section for more information.</p> <p>For more details on this issue, please refer to the <a href="https://aka.ms/CVE-2021-42306-AAD">MSRC Blog Entry</a>.</p> | |||||
| CVE-2021-42278 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2023-12-28 | 6.5 MEDIUM | 7.5 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
| CVE-2021-41352 | 1 Microsoft | 1 System Center Operations Manager | 2023-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| SCOM Information Disclosure Vulnerability | |||||
| CVE-2021-42276 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-12-28 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | |||||
| CVE-2021-41378 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2023-12-28 | 6.5 MEDIUM | 7.8 HIGH |
| Windows NTFS Remote Code Execution Vulnerability | |||||
| CVE-2021-41367 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| NTFS Elevation of Privilege Vulnerability | |||||