Filtered by vendor Microsoft
Subscribe
Search
Total
6671 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43237 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2022-07-12 | 6.9 MEDIUM | 7.3 HIGH |
| Windows Setup Elevation of Privilege Vulnerability | |||||
| CVE-2021-34424 | 5 Apple, Google, Linux and 2 more | 30 Iphone Os, Macos, Android and 27 more | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom on-premise Meeting Connector before version 4.8.12.20211115, Zoom on-premise Meeting Connector MMR before version 4.8.12.20211115, Zoom on-premise Recording Connector before version 5.1.0.65.20211116, Zoom on-premise Virtual Room Connector before version 4.4.7266.20211117, Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64 which potentially allowed for the exposure of the state of process memory. This issue could be used to potentially gain insight into arbitrary areas of the product's memory. | |||||
| CVE-2021-42954 | 2 Microsoft, Zohocorp | 2 Windows, Manageengine Remote Access Plus | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group (non-admin or any guest users), thereby allowing privilege escalation, unauthorized password reset, stealing of sensitive data, access to credentials in plaintext, access to registry values, tampering with configuration files, etc. | |||||
| CVE-2021-42955 | 2 Microsoft, Zohocorp | 2 Windows, Manageengine Remote Access Plus | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows user can reset the password of the Remote Access Plus Server Admin account. | |||||
| CVE-2021-44466 | 2 Leap, Microsoft | 2 Bitmask Riseup Vpn, Windows | 2022-07-12 | 4.6 MEDIUM | 7.3 HIGH |
| Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw due to improper access controls. When the software is installed with a non-default installation directory off of the system root, the installer fails to properly set ACLs. This allows lower privileged users to replace the VPN executable with a malicious one. When a higher privileged user such as an Administrator launches that executable, it is possible for the lower privileged user to escalate to Administrator privileges. | |||||
| CVE-2021-43223 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | |||||
| CVE-2021-43245 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Digital TV Tuner Elevation of Privilege Vulnerability | |||||
| CVE-2020-1147 | 1 Microsoft | 14 .net Core, .net Framework, Sharepoint Enterprise Server and 11 more | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. | |||||
| CVE-2021-44226 | 2 Microsoft, Razer | 2 Windows, Synapse | 2022-07-12 | 6.9 MEDIUM | 7.3 HIGH |
| Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there. | |||||
| CVE-2021-43239 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Recovery Environment Agent Elevation of Privilege Vulnerability | |||||
| CVE-2021-42312 | 1 Microsoft | 1 Defender For Iot | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Microsoft Defender for IOT Elevation of Privilege Vulnerability | |||||
| CVE-2020-12981 | 2 Amd, Microsoft | 3 Radeon Pro Software, Radeon Software, Windows 10 | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service. | |||||
| CVE-2021-28818 | 2 Microsoft, Tibco | 2 Windows, Rendezvous | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below. | |||||
| CVE-2021-28817 | 2 Microsoft, Tibco | 2 Windows, Rendezvous | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| The Windows Installation component of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below. | |||||
| CVE-2021-40989 | 2 Arubanetworks, Microsoft | 2 Clearpass Policy Manager, Windows | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-43875 | 1 Microsoft | 2 365 Apps, Office | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Graphics Remote Code Execution Vulnerability | |||||
| CVE-2021-27893 | 2 Microsoft, Ssh | 4 Windows, Tectia Client, Tectia Connectsecure and 1 more | 2022-07-12 | 4.4 MEDIUM | 7.0 HIGH |
| SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected. | |||||
| CVE-2021-27892 | 2 Microsoft, Ssh | 4 Windows, Tectia Client, Tectia Connectsecure and 1 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected. | |||||
| CVE-2020-0787 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2021-37969 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. | |||||
| CVE-2021-29645 | 2 Hitachi, Microsoft | 15 It Operations Director, Job Management Partner 1\/it Desktop Management-manager, Job Management Partner 1\/it Desktop Management 2-manager and 12 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system. | |||||
| CVE-2021-43883 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2021-43891 | 1 Microsoft | 1 Visual Studio Code | 2022-07-12 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2021-43893 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-12 | 6.0 MEDIUM | 7.5 HIGH |
| Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability | |||||
| CVE-2021-21125 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2022-07-12 | 5.8 MEDIUM | 8.1 HIGH |
| Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | |||||
| CVE-2021-21127 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2022-07-12 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension. | |||||
| CVE-2021-43238 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Remote Access Elevation of Privilege Vulnerability | |||||
| CVE-2021-43233 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-12 | 5.1 MEDIUM | 7.5 HIGH |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||
| CVE-2022-23763 | 2 Douzone, Microsoft | 2 Neors, Windows | 2022-07-11 | 6.8 MEDIUM | 8.8 HIGH |
| Origin validation error vulnerability in NeoRS’s ActiveX moudle allows attackers to download and execute arbitrary files. Remote attackers can use this vulerability to encourage users to access crafted web pages, causing damage such as malicious code infections. | |||||
| CVE-2017-20107 | 2 Microsoft, Shadeyouvpn.com Project | 2 Windows, Shadeyouvpn.com | 2022-07-11 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability, which was classified as problematic, was found in ShadeYouVPN.com Client 2.0.1.11. Affected is an unknown function. The manipulation leads to improper privilege management. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1.12 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20123 | 2 Microsoft, Sparklabs | 2 Windows, Viscosity | 2022-07-09 | 6.9 MEDIUM | 7.8 HIGH |
| A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2020-7881 | 2 Afreecatv, Microsoft | 2 Afreecatv, Windows | 2022-07-08 | 6.5 MEDIUM | 8.8 HIGH |
| The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy() operate by "FanTicket" field. It is because of stored data without validation of length. | |||||
| CVE-2022-24545 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-07-06 | 5.1 MEDIUM | 7.5 HIGH |
| Windows Kerberos Remote Code Execution Vulnerability. | |||||
| CVE-2020-15523 | 3 Microsoft, Netapp, Python | 3 Windows, Snapcenter, Python | 2022-07-05 | 6.9 MEDIUM | 7.8 HIGH |
| In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. | |||||
| CVE-2021-36741 | 2 Microsoft, Trendmicro | 5 Windows, Apex One, Officescan and 2 more | 2022-07-02 | 6.5 MEDIUM | 8.8 HIGH |
| An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product?s management console in order to exploit this vulnerability. | |||||
| CVE-2021-41635 | 2 Melag, Microsoft | 2 Ftp Server, Windows | 2022-07-01 | 9.0 HIGH | 8.8 HIGH |
| When installed as Windows service MELAG FTP Server 2.2.0.4 is run as SYSTEM user, which grants remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system. | |||||
| CVE-2021-1257 | 5 Apple, Cisco, Linux and 2 more | 5 Macos, Dna Center, Linux Kernel and 2 more | 2022-07-01 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands. | |||||
| CVE-2021-46818 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2022-06-30 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. | |||||
| CVE-2021-46817 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2022-06-30 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. | |||||
| CVE-2021-46816 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2022-06-30 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. | |||||
| CVE-2021-28605 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2022-06-29 | 9.3 HIGH | 7.8 HIGH |
| Adobe After Effects version 18.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-21910 | 2 Advantech, Microsoft | 2 R-seenet, Windows | 2022-06-29 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-28602 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe After Effects version 18.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28607 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2022-06-29 | 9.3 HIGH | 7.8 HIGH |
| Adobe After Effects version 18.2 (and earlier) is affected by a heap corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30656 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2022-06-27 | 9.3 HIGH | 7.8 HIGH |
| Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30655 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2022-06-27 | 9.3 HIGH | 7.8 HIGH |
| Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30657 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2022-06-27 | 9.3 HIGH | 7.8 HIGH |
| Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30664 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2022-06-27 | 9.3 HIGH | 7.8 HIGH |
| Adobe Animate version 22.0.5 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30653 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2022-06-27 | 9.3 HIGH | 7.8 HIGH |
| Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30654 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2022-06-27 | 9.3 HIGH | 7.8 HIGH |
| Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||