Vulnerabilities (CVE)

Filtered by vendor Microsoft
Total 17397 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-29604 2 Mantisbt, Microsoft 2 Mantisbt, Windows 2021-01-29 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue (i.e., one having Private view status, or belonging to a private Project) via the bug_arr[] parameter. This provides full access to potentially confidential information.
CVE-2020-29605 2 Mantisbt, Microsoft 2 Mantisbt, Windows 2021-01-29 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues via bug_arr[]= in a crafted bug_actiongroup_page.php URL. (The target Issues can have Private view status, or belong to a private Project.)
CVE-2020-4949 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2021-01-29 6.4 MEDIUM 8.2 HIGH
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025.
CVE-2021-2018 2 Microsoft, Oracle 7 Windows, Adaptive Access Manager, Advanced Networking Option and 4 more 2021-01-25 5.1 MEDIUM 8.3 HIGH
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: CVE-2021-2018 affects Windows platform only. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
CVE-2021-21009 3 Adobe, Linux, Microsoft 3 Campaign Classic, Linux Kernel, Windows 2021-01-21 5.0 MEDIUM 8.6 HIGH
Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side request forgery (SSRF) vulnerability. Successful exploitation could allow an attacker to use the Campaign instance to issue unauthorized requests to internal or external resources.
CVE-2021-1704 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2021-01-21 7.2 HIGH 7.8 HIGH
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2021-1701 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2021-01-21 9.0 HIGH 8.8 HIGH
Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700.
CVE-2021-1703 1 Microsoft 2 Windows 10, Windows Server 2016 2021-01-21 7.2 HIGH 7.8 HIGH
Windows Event Logging Service Elevation of Privilege Vulnerability
CVE-2021-1709 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2021-01-21 7.2 HIGH 7.8 HIGH
Windows Win32k Elevation of Privilege Vulnerability
CVE-2021-1699 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2021-01-20 2.1 LOW 5.5 MEDIUM
Windows (modem.sys) Information Disclosure Vulnerability
CVE-2021-1696 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2021-01-20 4.3 MEDIUM 5.5 MEDIUM
Windows Graphics Component Information Disclosure Vulnerability
CVE-2021-1700 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2021-01-20 9.0 HIGH 8.8 HIGH
Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1701.
CVE-2021-1702 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2021-01-20 7.2 HIGH 7.8 HIGH
Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability
CVE-2021-1694 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2021-01-20 7.5 HIGH 9.8 CRITICAL
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2021-1668 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2021-01-20 9.3 HIGH 7.8 HIGH
Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability
CVE-2021-1693 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2021-01-20 7.2 HIGH 7.8 HIGH
Windows CSC Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688.
CVE-2021-1691 1 Microsoft 2 Windows 10, Windows Server 2016 2021-01-20 4.0 MEDIUM 7.7 HIGH
Hyper-V Denial of Service Vulnerability. This CVE ID is unique from CVE-2021-1692.
CVE-2021-1692 1 Microsoft 4 Windows 10, Windows 8.1, Windows Server 2012 and 1 more 2021-01-20 4.0 MEDIUM 7.7 HIGH
Hyper-V Denial of Service Vulnerability. This CVE ID is unique from CVE-2021-1691.
CVE-2021-1667 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2021-01-20 9.0 HIGH 8.8 HIGH
Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
CVE-2021-1705 1 Microsoft 4 Edge, Windows 10, Windows Server 2016 and 1 more 2021-01-20 7.6 HIGH 7.5 HIGH
Microsoft Edge (HTML-based) Memory Corruption Vulnerability