CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft : Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-43211 269 2021-11-24 2021-11-30
6.6
None Local Low Not required None Complete Complete
Windows 10 Update Assistant Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42297.
2 CVE-2021-43209 Exec Code 2021-11-10 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
3D Viewer Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-43208.
3 CVE-2021-43208 94 Exec Code 2021-11-10 2021-11-15
6.8
None Remote Medium Not required Partial Partial Partial
3D Viewer Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-43209.
4 CVE-2021-42321 Exec Code 2021-11-10 2021-11-10
6.5
None Remote Low ??? Partial Partial Partial
Microsoft Exchange Server Remote Code Execution Vulnerability
5 CVE-2021-42316 Exec Code 2021-11-10 2021-11-15
6.5
None Remote Low ??? Partial Partial Partial
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
6 CVE-2021-42297 59 2021-11-24 2021-11-29
6.9
None Local Medium Not required Complete Complete Complete
Windows 10 Update Assistant Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43211.
7 CVE-2021-42296 94 Exec Code 2021-11-10 2021-11-13
6.9
None Local Medium Not required Complete Complete Complete
Microsoft Word Remote Code Execution Vulnerability
8 CVE-2021-42292 863 Bypass 2021-11-10 2021-11-10
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Excel Security Feature Bypass Vulnerability
9 CVE-2021-42291 269 2021-11-10 2021-11-13
6.5
None Remote Low ??? Partial Partial Partial
Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42287.
10 CVE-2021-42287 269 2021-11-10 2021-11-13
6.5
None Remote Low ??? Partial Partial Partial
Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42291.
11 CVE-2021-42282 269 2021-11-10 2021-11-13
6.5
None Remote Low ??? Partial Partial Partial
Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42287, CVE-2021-42291.
12 CVE-2021-42278 269 2021-11-10 2021-11-12
6.5
None Remote Low ??? Partial Partial Partial
Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42282, CVE-2021-42287, CVE-2021-42291.
13 CVE-2021-42276 Exec Code 2021-11-10 2021-11-12
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
14 CVE-2021-42275 Exec Code 2021-11-10 2021-11-12
6.5
None Remote Low ??? Partial Partial Partial
Microsoft COM for Windows Remote Code Execution Vulnerability
15 CVE-2021-41378 Exec Code 2021-11-10 2021-11-12
6.5
None Remote Low ??? Partial Partial Partial
Windows NTFS Remote Code Execution Vulnerability
16 CVE-2021-41372 352 2021-11-10 2021-11-12
6.8
None Remote Medium Not required Partial Partial Partial
Power BI Report Server Spoofing Vulnerability
17 CVE-2021-41368 Exec Code 2021-11-10 2021-11-12
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Access Remote Code Execution Vulnerability
18 CVE-2021-41344 Exec Code 2021-10-13 2021-11-04
6.5
None Remote Low ??? Partial Partial Partial
Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40487.
19 CVE-2021-41342 Exec Code 2021-10-13 2021-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Windows MSHTML Platform Remote Code Execution Vulnerability
20 CVE-2021-41340 Exec Code 2021-10-13 2021-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Windows Graphics Component Remote Code Execution Vulnerability
21 CVE-2021-41331 Exec Code 2021-10-13 2021-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Windows Media Audio Decoder Remote Code Execution Vulnerability
22 CVE-2021-41330 Exec Code 2021-10-13 2021-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
23 CVE-2021-40487 Exec Code 2021-10-13 2021-11-04
6.5
None Remote Low ??? Partial Partial Partial
Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41344.
24 CVE-2021-40486 Exec Code 2021-10-13 2021-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Word Remote Code Execution Vulnerability
25 CVE-2021-40485 Exec Code 2021-10-13 2021-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40471, CVE-2021-40473, CVE-2021-40474, CVE-2021-40479.
26 CVE-2021-40481 Exec Code 2021-10-13 2021-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40480.
27 CVE-2021-40480 Exec Code 2021-10-13 2021-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40481.
28 CVE-2021-40479 Exec Code 2021-10-13 2021-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40471, CVE-2021-40473, CVE-2021-40474, CVE-2021-40485.
29 CVE-2021-40476 269 2021-10-13 2021-11-11
6.8
None Remote Medium Not required Partial Partial Partial
Windows AppContainer Elevation Of Privilege Vulnerability
30 CVE-2021-40474 Exec Code 2021-10-13 2021-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40471, CVE-2021-40473, CVE-2021-40479, CVE-2021-40485.
31 CVE-2021-40473 Exec Code 2021-10-13 2021-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40471, CVE-2021-40474, CVE-2021-40479, CVE-2021-40485.
32 CVE-2021-40471 Exec Code 2021-10-13 2021-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40473, CVE-2021-40474, CVE-2021-40479, CVE-2021-40485.
33 CVE-2021-40469 Exec Code 2021-10-13 2021-10-19
6.5
None Remote Low ??? Partial Partial Partial
Windows DNS Server Remote Code Execution Vulnerability
34 CVE-2021-40465 Exec Code 2021-10-13 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Windows Text Shaping Remote Code Execution Vulnerability
35 CVE-2021-40462 Exec Code 2021-10-13 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability
36 CVE-2021-40444 Exec Code 2021-09-15 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft MSHTML Remote Code Execution Vulnerability
37 CVE-2021-40442 Exec Code 2021-11-10 2021-11-10
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Excel Remote Code Execution Vulnerability
38 CVE-2021-38666 Exec Code 2021-11-10 2021-11-10
6.8
None Remote Medium Not required Partial Partial Partial
Remote Desktop Client Remote Code Execution Vulnerability
39 CVE-2021-38661 Exec Code 2021-09-15 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
HEVC Video Extensions Remote Code Execution Vulnerability
40 CVE-2021-38660 Exec Code 2021-09-15 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38658.
41 CVE-2021-38659 Exec Code 2021-09-15 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Office Remote Code Execution Vulnerability
42 CVE-2021-38658 843 Exec Code 2021-09-15 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38660.
43 CVE-2021-38656 416 Exec Code 2021-09-15 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Word Remote Code Execution Vulnerability
44 CVE-2021-38655 416 Exec Code 2021-09-15 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Excel Remote Code Execution Vulnerability
45 CVE-2021-38654 129 Exec Code 2021-09-15 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38653.
46 CVE-2021-38653 787 Exec Code 2021-09-15 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38654.
47 CVE-2021-38646 Exec Code 2021-09-15 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
48 CVE-2021-38644 Exec Code 2021-09-15 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability
49 CVE-2021-37705 346 Exec Code 2021-08-13 2021-08-30
6.8
None Remote Medium Not required Partial Partial Partial
OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a OneFuzz deployment must be both version 2.12.0 or greater and deployed with the non-default --multi_tenant_domain option. This can result in read/write access to private data such as software vulnerability and crash information, security testing tools and proprietary code and symbols. Via authorized API calls, this also enables tampering with existing data and unauthorized code execution on Azure compute resources. This issue is resolved starting in release 2.31.0, via the addition of application-level check of the bearer token's `issuer` against an administrator-configured allowlist. As a workaround users can restrict access to the tenant of a deployed OneFuzz instance < 2.31.0 by redeploying in the default configuration, which omits the `--multi_tenant_domain` option.
50 CVE-2021-36952 787 Exec Code 2021-09-15 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
Visual Studio Remote Code Execution Vulnerability
Total number of vulnerabilities : 831   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.