Filtered by vendor Microsoft
Subscribe
Total
17397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31186 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-05-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | |||||
| CVE-2021-26422 | 1 Microsoft | 2 Lync Server, Skype For Business Server | 2021-05-17 | 6.5 MEDIUM | 7.2 HIGH |
| Skype for Business and Lync Remote Code Execution Vulnerability | |||||
| CVE-2014-9390 | 6 Apple, Eclipse, Git-scm and 3 more | 8 Mac Os X, Xcode, Egit and 5 more | 2021-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem. | |||||
| CVE-2021-31191 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-05-17 | 2.1 LOW | 5.5 MEDIUM |
| Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | |||||
| CVE-2021-31194 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| OLE Automation Remote Code Execution Vulnerability | |||||
| CVE-2021-31195 | 1 Microsoft | 1 Exchange Server | 2021-05-17 | 6.8 MEDIUM | 8.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31198. | |||||
| CVE-2021-28461 | 1 Microsoft | 1 Dynamics 365 | 2021-05-17 | 3.5 LOW | 5.4 MEDIUM |
| Dynamics Finance and Operations Cross-site Scripting Vulnerability | |||||
| CVE-2013-3893 | 1 Microsoft | 1 Internet Explorer | 2021-05-17 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll. | |||||
| CVE-2021-27068 | 1 Microsoft | 1 Visual Studio 2019 | 2021-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2021-31177 | 1 Microsoft | 6 365 Apps, Excel, Office and 3 more | 2021-05-17 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31175, CVE-2021-31176, CVE-2021-31179. | |||||
| CVE-2021-31176 | 1 Microsoft | 4 365 Apps, Office, Office Online Server and 1 more | 2021-05-17 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31175, CVE-2021-31177, CVE-2021-31179. | |||||
| CVE-2021-31178 | 1 Microsoft | 6 365 Apps, Excel, Office and 3 more | 2021-05-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft Office Information Disclosure Vulnerability | |||||
| CVE-2021-31179 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2021-05-17 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31175, CVE-2021-31176, CVE-2021-31177. | |||||
| CVE-2021-31914 | 2 Jetbrains, Microsoft | 2 Teamcity, Windows | 2021-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible. | |||||
| CVE-2021-31461 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2021-05-14 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the the handling of app.media objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process Was ZDI-CAN-13333. | |||||
| CVE-2021-31168 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2021-05-14 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31165, CVE-2021-31167, CVE-2021-31169, CVE-2021-31208. | |||||
| CVE-2021-28479 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2021-05-14 | 2.1 LOW | 5.5 MEDIUM |
| Windows CSC Service Information Disclosure Vulnerability | |||||
| CVE-2021-31169 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2021-05-14 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31165, CVE-2021-31167, CVE-2021-31168, CVE-2021-31208. | |||||
| CVE-2021-31776 | 2 Aviatrix, Microsoft | 2 Vpn Client, Windows | 2021-05-13 | 7.2 HIGH | 7.8 HIGH |
| Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators. | |||||
| CVE-2021-31443 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2021-05-11 | 4.3 MEDIUM | 3.3 LOW |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13240. | |||||