Filtered by vendor Microsoft
Total: 21897 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-37705 | 1 Microsoft | 1 Onefuzz | 2024-11-21 | 6.8 MEDIUM | 10.0 CRITICAL |
OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a OneFuzz deployment must be both version 2.12.0 or greater and deployed with the non-default --multi_tenant_domain option. This can result in read/write access to private data such as software vulnerability and crash information, security testing tools and proprietary code and symbols. Via authorized API calls, this also enables tampering with existing data and unauthorized code execution on Azure compute resources. This issue is resolved starting in release 2.31.0, via the addition of application-level check of the bearer token's `issuer` against an administrator-configured allowlist. As a workaround users can restrict access to the tenant of a deployed OneFuzz instance < 2.31.0 by redeploying in the default configuration, which omits the `--multi_tenant_domain` option. | |||||
CVE-2021-37595 | 2 Freerdp, Microsoft | 2 Freerdp, Windows | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU. | |||||
CVE-2021-37594 | 2 Freerdp, Microsoft | 2 Freerdp, Windows | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU. | |||||
CVE-2021-36975 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Win32k Elevation of Privilege Vulnerability | |||||
CVE-2021-36974 | 1 Microsoft | 7 Windows 10, Windows 8.1, Windows Rt 8.1 and 4 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Windows SMB Elevation of Privilege Vulnerability | |||||
CVE-2021-36973 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability | |||||
CVE-2021-36972 | 1 Microsoft | 7 Windows 10, Windows 8.1, Windows Rt 8.1 and 4 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Windows SMB Information Disclosure Vulnerability | |||||
CVE-2021-36970 | 1 Microsoft | 11 Windows 10, Windows 11, Windows 7 and 8 more | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
Windows Print Spooler Spoofing Vulnerability | |||||
CVE-2021-36969 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | |||||
CVE-2021-36968 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Windows DNS Elevation of Privilege Vulnerability | |||||
CVE-2021-36967 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 5.8 MEDIUM | 8.0 HIGH |
Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | |||||
CVE-2021-36966 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Windows Subsystem for Linux Elevation of Privilege Vulnerability | |||||
CVE-2021-36965 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2024-11-21 | 7.5 HIGH | 8.8 HIGH |
Windows WLAN AutoConfig Service Remote Code Execution Vulnerability | |||||
CVE-2021-36964 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Windows Event Tracing Elevation of Privilege Vulnerability | |||||
CVE-2021-36963 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
CVE-2021-36962 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
Windows Installer Information Disclosure Vulnerability | |||||
CVE-2021-36961 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
Windows Installer Denial of Service Vulnerability | |||||
CVE-2021-36960 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Windows SMB Information Disclosure Vulnerability | |||||
CVE-2021-36959 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
Windows Authenticode Spoofing Vulnerability | |||||
CVE-2021-36958 | 1 Microsoft | 1 Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |