Filtered by vendor Microsoft
Total: 21800 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41128 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-03-07 | N/A | 8.8 HIGH |
Windows Scripting Languages Remote Code Execution Vulnerability | |||||
CVE-2022-41091 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-03-07 | N/A | 5.4 MEDIUM |
Windows Mark of the Web Security Feature Bypass Vulnerability | |||||
CVE-2021-31199 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-03-07 | 4.6 MEDIUM | N/A |
Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | |||||
CVE-2021-1675 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-03-07 | 9.3 HIGH | N/A |
Windows Print Spooler Remote Code Execution Vulnerability | |||||
CVE-2023-38041 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-03-07 | N/A | 7.0 HIGH |
A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system. | |||||
CVE-2023-1018 | 2 Microsoft, Trustedcomputinggroup | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-03-07 | N/A | 5.5 MEDIUM |
An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM. | |||||
CVE-2021-27059 | 1 Microsoft | 1 Office | 2025-03-07 | 8.5 HIGH | N/A |
Microsoft Office Remote Code Execution Vulnerability | |||||
CVE-2021-34523 | 1 Microsoft | 1 Exchange Server | 2025-03-07 | 7.5 HIGH | N/A |
Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||
CVE-2021-36942 | 1 Microsoft | 6 Windows Server 2004, Windows Server 2008, Windows Server 2012 and 3 more | 2025-03-07 | 5.0 MEDIUM | N/A |
Windows LSA Spoofing Vulnerability | |||||
CVE-2021-36948 | 1 Microsoft | 8 Windows 10 1809, Windows 10 1909, Windows 10 2004 and 5 more | 2025-03-07 | 4.6 MEDIUM | N/A |
Windows Update Medic Service Elevation of Privilege Vulnerability | |||||
CVE-2021-38645 | 1 Microsoft | 10 Azure Automation State Configuration, Azure Automation Update Management, Azure Diagnostics (lad) and 7 more | 2025-03-07 | 4.6 MEDIUM | N/A |
Open Management Infrastructure Elevation of Privilege Vulnerability | |||||
CVE-2021-31196 | 1 Microsoft | 1 Exchange Server | 2025-03-07 | 6.5 MEDIUM | N/A |
Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
CVE-2024-30282 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-03-07 | N/A | N/A |
Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-47986 | 3 Ibm, Linux, Microsoft | 3 Aspera Faspex, Linux Kernel, Windows | 2025-03-07 | N/A | 9.8 CRITICAL |
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512. | |||||
CVE-2022-45449 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-03-07 | N/A | 6.5 MEDIUM |
Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984. | |||||
CVE-2020-1472 | 8 Canonical, Debian, Fedoraproject and 5 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2025-03-07 | 9.3 HIGH | N/A |
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications. | |||||
CVE-2021-26857 | 1 Microsoft | 1 Exchange Server | 2025-03-07 | 6.8 MEDIUM | N/A |
Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
CVE-2021-1647 | 1 Microsoft | 20 Security Essentials, System Center Endpoint Protection, Windows 10 1507 and 17 more | 2025-03-07 | 7.2 HIGH | N/A |
Microsoft Defender Remote Code Execution Vulnerability | |||||
CVE-2021-26855 | 1 Microsoft | 1 Exchange Server | 2025-03-07 | 7.5 HIGH | N/A |
Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
CVE-2021-26858 | 1 Microsoft | 1 Exchange Server | 2025-03-07 | 6.8 MEDIUM | N/A |
Microsoft Exchange Server Remote Code Execution Vulnerability |