Filtered by vendor Microsoft
Subscriptions
Total
23165 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40454 | 1 Microsoft | 22 365 Apps, Office, Office Long Term Servicing Channel and 19 more | 2024-11-21 | 5.5 Medium |
| Rich Text Edit Control Information Disclosure Vulnerability | ||||
| CVE-2021-40453 | 1 Microsoft | 1 Hevc Video Extensions | 2024-11-21 | 7.8 High |
| HEVC Video Extensions Remote Code Execution Vulnerability | ||||
| CVE-2021-40452 | 1 Microsoft | 1 Hevc Video Extensions | 2024-11-21 | 7.8 High |
| HEVC Video Extensions Remote Code Execution Vulnerability | ||||
| CVE-2021-40448 | 1 Microsoft | 1 Accessibility Insights For Android | 2024-11-21 | 6.3 Medium |
| Microsoft Accessibility Insights for Android Information Disclosure Vulnerability | ||||
| CVE-2021-40447 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 7.8 High |
| Windows Print Spooler Elevation of Privilege Vulnerability | ||||
| CVE-2021-40443 | 1 Microsoft | 23 Windows 10, Windows 10 1507, Windows 10 1607 and 20 more | 2024-11-21 | 7.8 High |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||||
| CVE-2021-40442 | 1 Microsoft | 8 365 Apps, Excel, Office and 5 more | 2024-11-21 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2021-40441 | 1 Microsoft | 7 Windows 7, Windows 8.1, Windows Rt 8.1 and 4 more | 2024-11-21 | 7.8 High |
| Windows Media Center Elevation of Privilege Vulnerability | ||||
| CVE-2021-40440 | 1 Microsoft | 1 Dynamics 365 Business Central | 2024-11-21 | 5.4 Medium |
| Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | ||||
| CVE-2021-40326 | 2 Foxit, Microsoft | 4 Pdf Editor, Pdf Reader, Phantompdf and 1 more | 2024-11-21 | 5.5 Medium |
| Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification. | ||||
| CVE-2021-3848 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Worry-free Business Security | 2024-11-21 | 5.5 Medium |
| An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-3718 | 3 Lenovo, Linux, Microsoft | 83 Thinkpad 11e 3rd Gen, Thinkpad 11e 3rd Gen Firmware, Thinkpad 11e 4th Gen Celeron and 80 more | 2024-11-21 | 4.3 Medium |
| A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS. | ||||
| CVE-2021-3641 | 2 Bitdefender, Microsoft | 2 Gravityzone, Windows | 2024-11-21 | 6.1 Medium |
| Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions. | ||||
| CVE-2021-3626 | 2 Canonical, Microsoft | 2 Multipass, Windows | 2024-11-21 | 8.8 High |
| The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation. | ||||
| CVE-2021-3606 | 2 Microsoft, Openvpn | 2 Windows, Openvpn | 2024-11-21 | 7.8 High |
| OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe). | ||||
| CVE-2021-3519 | 2 Lenovo, Microsoft | 119 Ideacentre 3-07imb05, Ideacentre 3-07imb05 Firmware, Ideacentre 310s-08igm and 116 more | 2024-11-21 | 6.4 Medium |
| A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes. | ||||
| CVE-2021-3339 | 1 Microsoft | 1 Modernflow | 2024-11-21 | 4.3 Medium |
| ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen. | ||||
| CVE-2021-3146 | 2 Dolby, Microsoft | 5 Audio X2, Exchange Server, Visual C\+\+ and 2 more | 2024-11-21 | 7.8 High |
| The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges. | ||||
| CVE-2021-3115 | 5 Fedoraproject, Golang, Microsoft and 2 more | 7 Fedora, Go, Windows and 4 more | 2024-11-21 | 7.5 High |
| Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download). | ||||
| CVE-2021-3042 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2024-11-21 | 7.8 High |
| A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent. | ||||