Filtered by vendor Microsoft
Subscribe
Search
Total
16927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21134 | 3 Apple, Google, Microsoft | 3 Iphone Os, Chrome, Edge Chromium | 2021-03-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||||
| CVE-2021-21132 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2021-03-08 | 6.8 MEDIUM | 9.6 CRITICAL |
| Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
| CVE-2021-21120 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2021-03-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-21124 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2021-03-08 | 6.8 MEDIUM | 9.6 CRITICAL |
| Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-21121 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2021-03-08 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-21122 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2021-03-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-21123 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2021-03-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | |||||
| CVE-2021-21119 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2021-03-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-21128 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2021-03-04 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-21065 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2021-02-26 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-21066 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2021-02-26 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-21140 | 2 Google, Microsoft | 2 Chrome, Edge | 2021-02-25 | 4.6 MEDIUM | 6.8 MEDIUM |
| Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device. | |||||
| CVE-2021-3339 | 1 Microsoft | 1 Modernflow | 2021-02-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen. | |||||
| CVE-2021-23338 | 1 Microsoft | 1 Qlib | 2021-02-25 | 6.5 MEDIUM | 7.2 HIGH |
| This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function. | |||||
| CVE-2020-36233 | 2 Atlassian, Microsoft | 2 Bitbucket, Windows | 2021-02-24 | 4.6 MEDIUM | 7.8 HIGH |
| The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. | |||||
| CVE-2020-7849 | 2 Microsoft, Uprism | 2 Windows, Curix | 2021-02-23 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability of uPrism.io CURIX(Video conferecing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input(server domain) validation. An attacker could exploit this vulnerability through crafted URL. | |||||
| CVE-2020-4933 | 3 Ibm, Linux, Microsoft | 3 Jazz Reporting Service, Linux Kernel, Windows | 2021-02-22 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191751. | |||||
| CVE-2021-20445 | 3 Ibm, Linux, Microsoft | 3 Maximo For Civil Infrastructure, Linux Kernel, Windows | 2021-02-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storeage of authentication credentials. IBM X-Force ID: 196621. | |||||
| CVE-2021-20443 | 3 Ibm, Linux, Microsoft | 3 Maximo For Civil Infrastructure, Linux Kernel, Windows | 2021-02-22 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. IBM X-Force ID: 196619. | |||||
| CVE-2021-20444 | 3 Ibm, Linux, Microsoft | 3 Maximo For Civil Infrastructure, Linux Kernel, Windows | 2021-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196620. | |||||
| CVE-2021-20354 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2021-02-22 | 7.8 HIGH | 7.5 HIGH |
| IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883. | |||||
| CVE-2020-35753 | 3 Linux, Microsoft, Persis | 3 Linux Kernel, Windows, Human Resource Management Portal | 2021-02-22 | 2.6 LOW | 6.1 MEDIUM |
| The job posting recommendation form in Persis Human Resource Management Portal (Versions 17.2.00 through 17.2.35 and 19.0.00 through 19.0.20), when the "Recommend job posting" function is enabled, allows XSS via the SENDER parameter. | |||||
| CVE-2021-20446 | 3 Ibm, Linux, Microsoft | 3 Maximo For Civil Infrastructure, Linux Kernel, Windows | 2021-02-19 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196622. | |||||
| CVE-2020-26233 | 1 Microsoft | 1 Git Credential Manager Core | 2021-02-18 | 3.6 LOW | 7.3 HIGH |
| Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, Git will first clone the top-level repository and then recursively clone all submodules by starting new Git processes from the top-level working directory. If a malicious git.exe executable is present in the top-level repository then this binary will be started by Git Credential Manager Core when attempting to read configuration, and not git.exe as found on the %PATH%. This only affects GCM Core on Windows, not macOS or Linux-based distributions. GCM Core version 2.0.289 contains the fix for this vulnerability, and is available from the project's GitHub releases page. GCM Core 2.0.289 is also bundled in the latest Git for Windows release; version 2.29.2(3). As a workaround, users should avoid recursively cloning untrusted repositories with the --recurse-submodules option. | |||||
| CVE-2021-21052 | 2 Adobe, Microsoft | 2 Animate, Windows | 2021-02-17 | 9.3 HIGH | 7.8 HIGH |
| Adobe Animate version 21.0.2 (and earlier) is affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-21053 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2021-02-17 | 9.3 HIGH | 7.8 HIGH |
| Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-25251 | 2 Microsoft, Trendmicro | 9 Windows, Antivirus\+ Security 2020, Antivirus\+ Security 2021 and 6 more | 2021-02-16 | 6.5 MEDIUM | 7.2 HIGH |
| The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability. | |||||
| CVE-2016-8827 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2021-02-11 | 5.0 MEDIUM | 6.5 MEDIUM |
| NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack. | |||||
| CVE-2021-1072 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2021-02-08 | 3.6 LOW | 7.1 HIGH |
| NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service. | |||||
| CVE-2021-21292 | 2 Microsoft, Traccar | 2 Windows, Traccar | 2021-02-08 | 1.9 LOW | 6.3 MEDIUM |
| Traccar is an open source GPS tracking system. In Traccar before version 4.12 there is an unquoted Windows binary path vulnerability. Only Windows versions are impacted. Attacker needs write access to the filesystem on the host machine. If Java path includes a space, then attacker can lift their privilege to the same as Traccar service (system). This is fixed in version 4.12. | |||||
| CVE-2021-25234 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file. | |||||
| CVE-2021-25248 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2021-02-05 | 2.1 LOW | 5.5 MEDIUM |
| An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-25249 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2021-02-05 | 7.2 HIGH | 7.8 HIGH |
| An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-25230 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Officescan | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception file. | |||||
| CVE-2021-25231 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file. | |||||
| CVE-2021-25232 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Officescan | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database. | |||||
| CVE-2021-25233 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file. | |||||
| CVE-2021-25235 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Officescan | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration file. | |||||
| CVE-2021-25236 | 2 Microsoft, Trendmicro | 3 Windows, Officescan, Worry-free Business Security | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep. | |||||
| CVE-2021-25237 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents. | |||||
| CVE-2021-25239 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes. | |||||
| CVE-2021-25238 | 2 Microsoft, Trendmicro | 3 Windows, Officescan, Worry-free Business Security | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent's managing port. | |||||
| CVE-2021-25241 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Worry-free Business Security | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep. | |||||
| CVE-2021-25240 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information. | |||||
| CVE-2021-25242 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information. | |||||
| CVE-2021-25243 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information. | |||||
| CVE-2012-2531 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2021-02-05 | 2.1 LOW | N/A |
| Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability." | |||||
| CVE-2012-2532 | 1 Microsoft | 4 Ftp Service, Windows 7, Windows Server 2008 and 1 more | 2021-02-05 | 5.0 MEDIUM | N/A |
| Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability." | |||||
| CVE-2008-0074 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2021-02-05 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders. | |||||
| CVE-2010-2730 | 1 Microsoft | 1 Internet Information Services | 2021-02-05 | 9.3 HIGH | N/A |
| Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability." | |||||