Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Microsoft Subscribe
Total 17397 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-21841 1 Microsoft 2 365 Apps, Office 2022-01-14 9.3 HIGH 7.8 HIGH
Microsoft Excel Remote Code Execution Vulnerability.
CVE-2021-45442 2 Microsoft, Trendmicro 4 Windows, Apex One, Worry-free Business Security and 1 more 2022-01-14 6.6 MEDIUM 7.1 HIGH
A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2021-45440 2 Microsoft, Trendmicro 4 Windows, Apex One, Worry-free Business Security and 1 more 2022-01-14 7.2 HIGH 7.8 HIGH
A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2021-44024 2 Microsoft, Trendmicro 4 Windows, Apex One, Worry-free Business Security and 1 more 2022-01-14 6.6 MEDIUM 7.1 HIGH
A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-21839 1 Microsoft 2 Windows 10, Windows Server 2019 2022-01-13 2.1 LOW 5.5 MEDIUM
Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability.
CVE-2022-21837 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2022-01-13 9.0 HIGH 8.8 HIGH
Microsoft SharePoint Server Remote Code Execution Vulnerability.
CVE-2020-7878 2 4nb, Microsoft 2 Videooffice, Windows 2022-01-12 7.5 HIGH 9.8 CRITICAL
An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier versions (CVE-2020-7878). This issue is due to missing support for integrity check.
CVE-2020-7883 2 Microsoft, Wowsoft 2 Windows, Printchaser 2022-01-11 7.5 HIGH 9.8 CRITICAL
Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution.
CVE-2021-45884 4 Apple, Brave, Linux and 1 more 4 Macos, Brave, Linux Kernel and 1 more 2022-01-07 4.3 MEDIUM 7.5 HIGH
In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure. NOTE: this issue exists because of an incomplete fix for CVE-2021-21323 and CVE-2021-22916.
CVE-2021-23175 2 Microsoft, Nvidia 2 Windows, Geforce Experience 2022-01-07 4.4 MEDIUM 8.2 HIGH
NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.
CVE-2020-1457 1 Microsoft 1 Windows 10 2022-01-04 6.8 MEDIUM 7.8 HIGH
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1425.
CVE-2021-42808 2 Microsoft, Thalesgroup 2 Windows, Sentinel Protection Installer 2022-01-04 7.2 HIGH 6.7 MEDIUM
Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges.
CVE-2021-42809 2 Microsoft, Thalesgroup 2 Windows, Sentinel Protection Installer 2022-01-04 6.9 MEDIUM 7.8 HIGH
Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code.
CVE-2019-5695 2 Microsoft, Nvidia 3 Windows, Geforce Experience, Gpu Driver 2022-01-01 6.9 MEDIUM 6.5 MEDIUM
NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution.
CVE-2019-5694 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2022-01-01 4.4 MEDIUM 6.5 MEDIUM
NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service or information disclosure through code execution. The attacker requires local system access.
CVE-2019-9491 2 Microsoft, Trendmicro 2 Windows, Anti-threat Toolkit 2022-01-01 5.1 MEDIUM 7.8 HIGH
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.
CVE-2019-17021 3 Microsoft, Mozilla, Opensuse 4 Windows, Firefox, Firefox Esr and 1 more 2022-01-01 2.6 LOW 5.3 MEDIUM
During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
CVE-2020-0618 1 Microsoft 1 Sql Server 2022-01-01 6.5 MEDIUM 8.8 HIGH
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
CVE-2020-0561 4 Intel, Linux, Microsoft and 1 more 5 Software Guard Extensions Sdk, Linux Kernel, Windows and 2 more 2022-01-01 4.6 MEDIUM 7.8 HIGH
Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-0674 1 Microsoft 8 Internet Explorer, Windows 10, Windows 7 and 5 more 2022-01-01 7.6 HIGH 7.5 HIGH
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.