Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 15062 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-39821 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2021-12-01 6.8 MEDIUM 7.8 HIGH
Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file.
CVE-2021-44230 2 Microsoft, Portswigger 2 Windows, Burp Suite 2021-12-01 4.0 MEDIUM 6.5 MEDIUM
PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for the embedded H2 database, which might lead to privilege escalation. This issue can be exploited by an adversary who has already compromised a valid Windows account on the server via separate means. In this scenario, the compromised account may have inherited read access to sensitive configuration, database, and log files.
CVE-2020-7880 2 Douzone, Microsoft 2 Neors, Windows 2021-12-01 9.3 HIGH 8.8 HIGH
The vulnerabilty was discovered in ActiveX module related to NeoRS remote support program. This issue allows an remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX.
CVE-2021-26612 2 Microsoft, Tobesoft 2 Windows, Nexacro 2021-12-01 7.5 HIGH 9.8 CRITICAL
An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Remote attackers use copy method to execute arbitrary command after the file creation included malicious code.
CVE-2020-1171 1 Microsoft 1 Visual Studio Code 2021-12-01 9.3 HIGH 8.8 HIGH
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1192.
CVE-2020-1192 1 Microsoft 1 Visual Studio Code 2021-12-01 9.3 HIGH 7.8 HIGH
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1171.
CVE-2017-3085 6 Adobe, Apple, Google and 3 more 11 Flash Player, Mac Os X, Macos and 8 more 2021-12-01 5.0 MEDIUM 7.5 HIGH
Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.
CVE-2020-17049 1 Microsoft 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 2021-11-30 9.0 HIGH 7.2 HIGH
Kerberos Security Feature Bypass Vulnerability
CVE-2021-38648 1 Microsoft 10 Azure Automation State Configuration, Azure Automation Update Management, Azure Diagnostics \(lad\) and 7 more 2021-11-30 4.6 MEDIUM 7.8 HIGH
Open Management Infrastructure Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38645, CVE-2021-38649.
CVE-2021-44199 2 Acronis, Microsoft 4 Agent, Cyber Protect, Cyber Protect Home Office and 1 more 2021-11-30 1.9 LOW 5.5 MEDIUM
DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612
CVE-2021-44198 2 Acronis, Microsoft 2 Cyber Protect, Windows 2021-11-30 4.4 MEDIUM 7.8 HIGH
DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035
CVE-2021-40449 1 Microsoft 11 Windows 10, Windows 11, Windows 7 and 8 more 2021-11-30 4.6 MEDIUM 7.8 HIGH
Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40450, CVE-2021-41357.
CVE-2021-0012 2 Intel, Microsoft 3 Graphics Driver, Graphics Drivers, Windows 2021-11-30 2.1 LOW 5.5 MEDIUM
Use after free in some Intel(R) Graphics Driver before version 27.20.100.8336, 15.45.33.5164, and 15.40.47.5166 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2020-7881 2 Afreecatv, Microsoft 2 Afreecatv, Windows 2021-11-30 6.5 MEDIUM 8.8 HIGH
The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy() operate by "FanTicket" field. It is because of stored data without validation of length.
CVE-2021-43221 1 Microsoft 1 Edge Chromium 2021-11-30 4.0 MEDIUM 4.2 MEDIUM
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2021-40833 3 Apple, F-secure, Microsoft 7 Macos, Atlant, Elements Endpoint Protection and 4 more 2021-11-30 4.3 MEDIUM 5.5 MEDIUM
A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.
CVE-2021-44200 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2021-11-30 3.5 LOW 5.4 MEDIUM
Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035
CVE-2021-44202 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2021-11-30 3.5 LOW 5.4 MEDIUM
Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035
CVE-2021-44201 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2021-11-30 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035
CVE-2021-44203 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2021-11-30 3.5 LOW 5.4 MEDIUM
Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035