Filtered by vendor Microsoft
Subscribe
Total
17397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7869 | 2 Mastersoft, Microsoft | 2 Zook, Windows | 2021-07-02 | 9.0 HIGH | 8.8 HIGH |
| An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary file. The ZOOK viewer has the "Tight file CMD" function to create file. An attacker could create and execute arbitrary file in the ZOOK agent program using "Tight file CMD" without authority. | |||||
| CVE-2020-7868 | 2 Helpu, Microsoft | 2 Helpu, Windows | 2021-07-02 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login. | |||||
| CVE-2021-28573 | 2 Adobe, Microsoft | 2 Animate, Windows | 2021-07-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28587 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-07-02 | 4.3 MEDIUM | 3.3 LOW |
| After Effects versions 18.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28586 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-07-02 | 9.3 HIGH | 7.8 HIGH |
| After Effects version 18.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28570 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2021-07-02 | 9.3 HIGH | 8.6 HIGH |
| Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An unauthenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction. | |||||
| CVE-2021-20572 | 2 Ibm, Microsoft | 2 Security Identity Manager Adapter, Windows | 2021-07-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the and cause the server to crash. IBM X-Force ID: 199247. | |||||
| CVE-2021-20573 | 2 Ibm, Microsoft | 2 Security Identity Manager Adapter, Windows | 2021-07-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the and cause the server to crash. IBM X-Force ID: 199249. | |||||
| CVE-2020-17759 | 2 Evernote, Microsoft | 4 Evernote, Windows 10, Windows 7 and 1 more | 2021-07-01 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941. | |||||
| CVE-2021-29964 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2021-06-30 | 5.8 MEDIUM | 7.1 HIGH |
| A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. | |||||
| CVE-2017-0256 | 1 Microsoft | 18 Asp.net Model View Controller, Microsoft.aspnetcore.mvc.abstractions, Microsoft.aspnetcore.mvc.apiexplorer and 15 more | 2021-06-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. | |||||
| CVE-2017-0247 | 1 Microsoft | 18 Asp.net Model View Controller, Microsoft.aspnetcore.mvc.abstractions, Microsoft.aspnetcore.mvc.apiexplorer and 15 more | 2021-06-30 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. | |||||
| CVE-2017-0249 | 1 Microsoft | 18 Asp.net Model View Controller, Microsoft.aspnetcore.mvc.abstractions, Microsoft.aspnetcore.mvc.apiexplorer and 15 more | 2021-06-30 | 7.5 HIGH | 7.3 HIGH |
| An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. | |||||
| CVE-2018-8171 | 1 Microsoft | 3 Asp.net Core, Asp.net Model View Controller, Asp.net Webpages | 2021-06-30 | 5.0 MEDIUM | 7.5 HIGH |
| A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2. | |||||
| CVE-2021-21070 | 2 Adobe, Microsoft | 2 Robohelp, Windows | 2021-06-28 | 9.3 HIGH | 6.5 MEDIUM |
| Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with admin permissions to write to the file system could leverage this vulnerability to escalate privileges. | |||||
| CVE-2020-9667 | 3 Adobe, Apple, Microsoft | 3 Genuine Service, Macos, Windows | 2021-06-28 | 6.9 MEDIUM | 6.5 MEDIUM |
| Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker with admin privileges could plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction. | |||||
| CVE-2015-7358 | 4 Ciphershed, Idrix, Microsoft and 1 more | 4 Ciphershed, Veracrypt, Windows and 1 more | 2021-06-28 | 7.2 HIGH | 7.8 HIGH |
| The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory. | |||||
| CVE-2015-7359 | 4 Ciphershed, Idrix, Microsoft and 1 more | 4 Ciphershed, Veracrypt, Windows and 1 more | 2021-06-28 | 4.6 MEDIUM | 7.8 HIGH |
| The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level and gain access to other users' mounted encrypted volumes. | |||||
| CVE-2021-29968 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2021-06-25 | 5.8 MEDIUM | 8.1 HIGH |
| When drawing text onto a canvas with WebRender disabled, an out of bounds read could occur. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89.0.1. | |||||
| CVE-2020-19510 | 2 Microsoft, Textpattern | 2 Windows, Textpattern | 2021-06-24 | 7.5 HIGH | 9.8 CRITICAL |
| Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php. | |||||