Filtered by vendor Microsoft
Subscribe
Total
17397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21997 | 2 Microsoft, Vmware | 2 Windows, Tools | 2021-06-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest operating system. | |||||
| CVE-2021-31476 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2021-06-23 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13531. | |||||
| CVE-2011-0154 | 2 Apple, Microsoft | 3 Iphone Os, Itunes, Windows | 2021-06-23 | 5.1 MEDIUM | N/A |
| WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. | |||||
| CVE-2021-3041 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2021-06-23 | 7.2 HIGH | 7.8 HIGH |
| A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory or to manipulate key registry values. This issue impacts: Cortex XDR agent 5.0 versions earlier than Cortex XDR agent 5.0.11; Cortex XDR agent 6.1 versions earlier than Cortex XDR agent 6.1.8; Cortex XDR agent 7.2 versions earlier than Cortex XDR agent 7.2.3; All versions of Cortex XDR agent 7.2 without content update release 171 or a later version. | |||||
| CVE-2021-20483 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Identity Manager, Linux Kernel and 2 more | 2021-06-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591. | |||||
| CVE-2020-26155 | 2 Microsoft, Utimaco | 7 Windows, Block-safe Firmware, Cryptoserver Cp5 Firmware and 4 more | 2021-06-17 | 4.4 MEDIUM | 7.8 HIGH |
| Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack. | |||||
| CVE-2021-31946 | 1 Microsoft | 1 Paint 3d | 2021-06-17 | 6.8 MEDIUM | 6.6 MEDIUM |
| Paint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31945, CVE-2021-31983. | |||||
| CVE-2005-2225 | 1 Microsoft | 1 Msn Messenger Service | 2021-06-15 | 5.0 MEDIUM | N/A |
| Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the ".pif" string, which is interpreted as a malicious file extension and causes users to be kicked from a group conversation. NOTE: it has been reported that Gaim is also affected, so this may be an issue in the protocol or MSN servers. | |||||
| CVE-2002-1847 | 1 Microsoft | 1 Windows Media Player | 2021-06-15 | 7.5 HIGH | N/A |
| Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) 6.3 through 7.1 allows remote attackers to execute arbitrary commands via a long mp3 filename command line argument. NOTE: since the only known attack vector requires command line access, this may not be a vulnerability. | |||||
| CVE-2021-32460 | 2 Microsoft, Trendmicro | 2 Windows, Maximum Security 2021 | 2021-06-15 | 7.2 HIGH | 7.8 HIGH |
| The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user privileges and access on the machine to exploit this vulnerability. | |||||
| CVE-2021-31954 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-06-15 | 7.2 HIGH | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2021-31949 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2021-06-15 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||
| CVE-2021-31950 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2021-06-15 | 5.5 MEDIUM | 8.1 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31948, CVE-2021-31964. | |||||
| CVE-2021-31963 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2021-06-15 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26420, CVE-2021-31966. | |||||
| CVE-2021-31964 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2021-06-15 | 5.5 MEDIUM | 8.1 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31948, CVE-2021-31950. | |||||
| CVE-2021-31965 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2021-06-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Microsoft SharePoint Server Information Disclosure Vulnerability | |||||
| CVE-2021-31966 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2021-06-14 | 6.5 MEDIUM | 7.2 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26420, CVE-2021-31963. | |||||
| CVE-2021-31977 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-06-14 | 5.0 MEDIUM | 8.6 HIGH |
| Windows Hyper-V Denial of Service Vulnerability | |||||
| CVE-2019-0232 | 2 Apache, Microsoft | 2 Tomcat, Windows | 2021-06-14 | 9.3 HIGH | 8.1 HIGH |
| When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/). | |||||
| CVE-2019-10246 | 4 Eclipse, Microsoft, Netapp and 1 more | 26 Jetty, Windows, Element and 23 more | 2021-06-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories. | |||||