Filtered by vendor Microsoft
Subscribe
Total
17397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31198 | 1 Microsoft | 1 Exchange Server | 2022-04-29 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31195. | |||||
| CVE-2021-31181 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2022-04-29 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SharePoint Remote Code Execution Vulnerability | |||||
| CVE-2021-28476 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2022-04-29 | 6.5 MEDIUM | 9.9 CRITICAL |
| Hyper-V Remote Code Execution Vulnerability | |||||
| CVE-2021-31209 | 1 Microsoft | 1 Exchange Server | 2022-04-29 | 5.8 MEDIUM | 8.1 HIGH |
| Microsoft Exchange Server Spoofing Vulnerability | |||||
| CVE-2021-35053 | 2 Kaspersky, Microsoft | 2 Endpoint Security, Windows | 2022-04-29 | 7.8 HIGH | 7.5 HIGH |
| Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable. | |||||
| CVE-2020-1313 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2022-04-28 | 6.8 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-0986 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2022-04-28 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | |||||
| CVE-2020-1269 | 2 Microsoft, Opensuse | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2022-04-28 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | |||||
| CVE-2020-1054 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-04-28 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1143. | |||||
| CVE-2020-1048 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-04-28 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1070. | |||||
| CVE-2020-1597 | 2 Fedoraproject, Microsoft | 4 Fedora, Asp.net Core, Visual Studio 2017 and 1 more | 2022-04-28 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. | |||||
| CVE-2020-1380 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2022-04-28 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1555, CVE-2020-1570. | |||||
| CVE-2020-0559 | 2 Intel, Microsoft | 78 Ac 3165 Firmware, Ac 3168 Firmware, Ac 7265 Firmware and 75 more | 2022-04-28 | 4.6 MEDIUM | 7.8 HIGH |
| Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi products on Windows* 7 and 8.1 before version 21.40.5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-16875 | 1 Microsoft | 1 Exchange Server | 2022-04-28 | 9.0 HIGH | 7.2 HIGH |
| A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user, aka 'Microsoft Exchange Server Remote Code Execution Vulnerability'. | |||||
| CVE-2020-24556 | 3 Apple, Microsoft, Trendmicro | 5 Macos, Windows, Apex One and 2 more | 2022-04-28 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected. | |||||
| CVE-2020-26870 | 4 Cure53, Debian, Microsoft and 1 more | 5 Dompurify, Debian Linux, Visual Studio 2017 and 2 more | 2022-04-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. | |||||
| CVE-2021-26625 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2022-04-27 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform. This vulnerability is caused by an automatic update function that does not verify input data except version information. Remote attackers can use this incomplete validation logic to download and execute arbitrary malicious file. | |||||
| CVE-2021-26626 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2022-04-27 | 5.1 MEDIUM | 8.8 HIGH |
| Improper input validation vulnerability in XPLATFORM's execBrowser method can cause execute arbitrary commands. IF the second parameter value of the execBrowser function is ‘default’, the first parameter value could be passed to the ShellExecuteW API. The passed parameter is an arbitrary code to be executed. Remote attackers can use this vulnerability to execute arbitrary remote code. | |||||
| CVE-2022-25372 | 2 Microsoft, Pritunl | 2 Windows, Pritunl-client-electron | 2022-04-27 | 7.2 HIGH | 7.8 HIGH |
| Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go. | |||||
| CVE-2020-1400 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-04-27 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1401, CVE-2020-1407. | |||||