Filtered by vendor Microsoft
Subscribe
Search
Total
16927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27056 | 1 Microsoft | 3 365 Apps, Office, Powerpoint | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft PowerPoint Remote Code Execution Vulnerability | |||||
| CVE-2021-26701 | 2 Fedoraproject, Microsoft | 5 Fedora, .net, .net Core and 2 more | 2023-12-29 | 7.5 HIGH | 8.1 HIGH |
| .NET Core Remote Code Execution Vulnerability | |||||
| CVE-2021-27057 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2021-26902 | 1 Microsoft | 1 High Efficiency Video Coding | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||
| CVE-2021-26859 | 1 Microsoft | 1 Power Bi Report Server | 2023-12-29 | 4.0 MEDIUM | 7.7 HIGH |
| Microsoft Power BI Information Disclosure Vulnerability | |||||
| CVE-2021-27082 | 1 Microsoft | 1 Quantum Development Kit | 2023-12-29 | 9.3 HIGH | 7.8 HIGH |
| Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2021-27078 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 6.5 MEDIUM | 9.1 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-26857 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-27062 | 1 Microsoft | 1 High Efficiency Video Coding | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||
| CVE-2021-27060 | 1 Microsoft | 1 Visual Studio Code | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2021-27074 | 1 Microsoft | 1 Azure Sphere | 2023-12-29 | 4.9 MEDIUM | 6.2 MEDIUM |
| Azure Sphere Unsigned Code Execution Vulnerability | |||||
| CVE-2021-27047 | 1 Microsoft | 1 High Efficiency Video Coding | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||
| CVE-2021-27083 | 1 Microsoft | 1 Remote Development | 2023-12-29 | 9.3 HIGH | 7.8 HIGH |
| Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2021-27081 | 1 Microsoft | 1 Visual Studio Code Eslint Extension | 2023-12-29 | 9.3 HIGH | 7.8 HIGH |
| Visual Studio Code ESLint Extension Remote Code Execution Vulnerability | |||||
| CVE-2021-27085 | 1 Microsoft | 3 Internet Explorer, Windows 10, Windows Server 2019 | 2023-12-29 | 7.6 HIGH | 8.8 HIGH |
| Internet Explorer Remote Code Execution Vulnerability | |||||
| CVE-2021-26858 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-26700 | 1 Microsoft | 1 Visual Studio Code Npm-script Extension | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code npm-script Extension Remote Code Execution Vulnerability | |||||
| CVE-2021-27066 | 1 Microsoft | 1 Windows Admin Center | 2023-12-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| Windows Admin Center Security Feature Bypass Vulnerability | |||||
| CVE-2021-27049 | 1 Microsoft | 1 High Efficiency Video Coding | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||
| CVE-2021-27050 | 1 Microsoft | 1 High Efficiency Video Coding | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||
| CVE-2021-24109 | 1 Microsoft | 1 Azure Kubernetes Service | 2023-12-29 | 6.0 MEDIUM | 6.8 MEDIUM |
| Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-1644 | 1 Microsoft | 1 Hevc Video Extensions | 2023-12-29 | 9.3 HIGH | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||
| CVE-2021-1636 | 1 Microsoft | 1 Sql Server | 2023-12-29 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SQL Elevation of Privilege Vulnerability | |||||
| CVE-2021-1715 | 1 Microsoft | 8 365 Apps, Office, Office Online Server and 5 more | 2023-12-29 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Word Remote Code Execution Vulnerability | |||||
| CVE-2021-1719 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2023-12-29 | 6.0 MEDIUM | 8.0 HIGH |
| Microsoft SharePoint Elevation of Privilege Vulnerability | |||||
| CVE-2021-26411 | 1 Microsoft | 10 Edge, Internet Explorer, Windows 10 and 7 more | 2023-12-29 | 5.1 MEDIUM | 8.8 HIGH |
| Internet Explorer Memory Corruption Vulnerability | |||||
| CVE-2021-1718 | 1 Microsoft | 1 Sharepoint Foundation | 2023-12-29 | 6.5 MEDIUM | 8.0 HIGH |
| Microsoft SharePoint Server Tampering Vulnerability | |||||
| CVE-2021-24105 | 1 Microsoft | 1 Package Manager Configurations | 2023-12-29 | 6.8 MEDIUM | 8.4 HIGH |
| <p>Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during development, build, and release processes. This insertion could lead to remote code execution. We believe this vulnerability affects multiple package managers across multiple languages, including but not limited to: Python/pip, .NET/NuGet, Java/Maven, JavaScript/npm.</p> <p><strong>Attack scenarios</strong></p> <p>An attacker could take advantage of this ecosystem-wide issue to cause harm in a variety of ways. The original attack scenarios were discovered by Alex Birsan and are detailed in their whitepaper, <a href="https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610">Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies</a>.</p> <ul> <li><p>With basic knowledge of the target ecosystems, an attacker could create an empty shell for a package and insert malicious code in the install scripts, give it a high version, and publish it to the public repository. Vulnerable victim machines will download the higher version of the package between the public and private repositories and attempt to install it. Due to code incompatibility it will probably error out upon import or upon compilation, making it easier to detect; however the attacker would have gained code execution by that point.</p> </li> <li><p>An advanced attacker with some inside knowledge of the target could take a copy of a working package, insert the malicious code (in the package itself or in the install), and then publish it to a public repository. The package will likely install and import correctly, granting the attacker an initial foothold and persistence.</p> </li> </ul> <p>These two methods could affect target organizations at any of these various levels:</p> <ul> <li>Developer machines</li> <li>An entire team if the configuration to import the malicious package is uploaded to a code repository</li> <li>Continuous integration pipelines if they pull the malicious packages during the build, test, and/or deploy stages</li> <li>Customers, download servers, production services if the malicious code has not been detected</li> </ul> <p>This remote code execution vulnerability can only be addressed by reconfiguring installation tools and workflows, and not by correcting anything in the package repositories themselves. See the <strong>FAQ</strong> section of this CVE for configuration guidance.</p> | |||||
| CVE-2021-1728 | 1 Microsoft | 1 System Center Operations Manager | 2023-12-29 | 6.5 MEDIUM | 8.8 HIGH |
| System Center Operations Manager Elevation of Privilege Vulnerability | |||||
| CVE-2021-1712 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-29 | 6.0 MEDIUM | 8.0 HIGH |
| Microsoft SharePoint Elevation of Privilege Vulnerability | |||||
| CVE-2021-1730 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 5.8 MEDIUM | 5.4 MEDIUM |
| <p>A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user.</p> <p>This update addresses this vulnerability.</p> <p>To prevent these types of attacks, Microsoft recommends customers to download inline images from different DNSdomains than the rest of OWA. Please see further instructions in the FAQ to put in place this mitigations.</p> | |||||
| CVE-2021-1724 | 1 Microsoft | 2 Dynamics 365 Business Central, Dynamics Nav | 2023-12-29 | 2.3 LOW | 6.1 MEDIUM |
| Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | |||||
| CVE-2021-1717 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-29 | 5.8 MEDIUM | 4.6 MEDIUM |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2021-1721 | 1 Microsoft | 5 .net, .net Core, Powershell Core and 2 more | 2023-12-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| .NET Core and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2021-24110 | 1 Microsoft | 1 High Efficiency Video Coding | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||
| CVE-2021-24108 | 1 Microsoft | 2 365 Apps, Office | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2021-1641 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-29 | 5.8 MEDIUM | 4.6 MEDIUM |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2021-24104 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-29 | 5.8 MEDIUM | 4.6 MEDIUM |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2021-24068 | 1 Microsoft | 2 Excel, Office Web Apps | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2021-24114 | 1 Microsoft | 1 Teams | 2023-12-29 | 3.5 LOW | 5.7 MEDIUM |
| Microsoft Teams iOS Information Disclosure Vulnerability | |||||
| CVE-2021-1726 | 1 Microsoft | 11 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server and 8 more | 2023-12-29 | 6.0 MEDIUM | 8.0 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2021-24089 | 1 Microsoft | 1 High Efficiency Video Coding | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||
| CVE-2021-1707 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-29 | 9.0 HIGH | 8.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2021-1705 | 1 Microsoft | 4 Edge, Windows 10, Windows Server 2016 and 1 more | 2023-12-29 | 7.6 HIGH | 4.2 MEDIUM |
| Microsoft Edge (HTML-based) Memory Corruption Vulnerability | |||||
| CVE-2021-1677 | 1 Microsoft | 1 Azure Kubernetes Service | 2023-12-29 | 2.1 LOW | 5.5 MEDIUM |
| Azure Active Directory Pod Identity Spoofing Vulnerability | |||||
| CVE-2021-1643 | 1 Microsoft | 1 Hevc Video Extensions | 2023-12-29 | 9.3 HIGH | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability | |||||
| CVE-2021-1723 | 2 Fedoraproject, Microsoft | 3 Fedora, Asp.net Core, Visual Studio 2019 | 2023-12-29 | 5.0 MEDIUM | 7.5 HIGH |
| ASP.NET Core and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2021-1716 | 1 Microsoft | 8 365 Apps, Office, Office Online Server and 5 more | 2023-12-29 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Word Remote Code Execution Vulnerability | |||||
| CVE-2021-1714 | 1 Microsoft | 7 365 Apps, Excel, Excel Services and 4 more | 2023-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2021-1733 | 1 Microsoft | 1 Psexec | 2023-12-29 | 4.6 MEDIUM | 7.8 HIGH |
| Sysinternals PsExec Elevation of Privilege Vulnerability | |||||