ReportizFlow
Filtered by vendor Microsoft
Subscriptions
Total
23797 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-44230 | 2 Microsoft, Portswigger | 2 Windows, Burp Suite | 2024-11-21 | 6.5 Medium |
| PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for the embedded H2 database, which might lead to privilege escalation. This issue can be exploited by an adversary who has already compromised a valid Windows account on the server via separate means. In this scenario, the compromised account may have inherited read access to sensitive configuration, database, and log files. | ||||
| CVE-2021-44226 | 2 Microsoft, Razer | 2 Windows, Synapse | 2024-11-21 | 7.3 High |
| Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there. | ||||
| CVE-2021-44206 | 2 Acronis, Microsoft | 3 Cyber Protect Home Office, True Image, Windows | 2024-11-21 | 7.3 High |
| Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 | ||||
| CVE-2021-44205 | 2 Acronis, Microsoft | 3 Cyber Protect Home Office, True Image, Windows | 2024-11-21 | 7.3 High |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 | ||||
| CVE-2021-44204 | 2 Acronis, Microsoft | 5 Agent, Cyber Protect, Cyber Protect Home Office and 2 more | 2024-11-21 | 7.8 High |
| Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 | ||||
| CVE-2021-44203 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | 5.4 Medium |
| Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 | ||||
| CVE-2021-44202 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | 5.4 Medium |
| Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 | ||||
| CVE-2021-44201 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 | ||||
| CVE-2021-44200 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | 5.4 Medium |
| Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 | ||||
| CVE-2021-44199 | 2 Acronis, Microsoft | 4 Agent, Cyber Protect, Cyber Protect Home Office and 1 more | 2024-11-21 | 5.5 Medium |
| DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612 | ||||
| CVE-2021-44198 | 2 Acronis, Microsoft | 2 Cyber Protect, Windows | 2024-11-21 | 7.8 High |
| DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035 | ||||
| CVE-2021-44050 | 2 Broadcom, Microsoft | 4 Ca Network Flow Analysis, Windows Server 2012, Windows Server 2016 and 1 more | 2024-11-21 | 6.5 Medium |
| CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data. | ||||
| CVE-2021-44024 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2024-11-21 | 7.1 High |
| A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-44023 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ Security 2021, Internet Security 2021 and 2 more | 2024-11-21 | 7.1 High |
| A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service. | ||||
| CVE-2021-44022 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 5.5 Medium |
| A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-43940 | 2 Atlassian, Microsoft | 3 Confluence Data Center, Confluence Server, Windows | 2024-11-21 | 7.8 High |
| Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3. | ||||
| CVE-2021-43908 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 4.3 Medium |
| Visual Studio Code Spoofing Vulnerability | ||||
| CVE-2021-43907 | 1 Microsoft | 1 Windows Subsystem For Linux | 2024-11-21 | 9.8 Critical |
| Visual Studio Code WSL Extension Remote Code Execution Vulnerability | ||||
| CVE-2021-43899 | 1 Microsoft | 2 Wireless Display Adapter, Wireless Display Adapter Firmware | 2024-11-21 | 9.8 Critical |
| Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability | ||||
| CVE-2021-43896 | 1 Microsoft | 2 Cbl Mariner, Powershell | 2024-11-21 | 5.5 Medium |
| Microsoft PowerShell Spoofing Vulnerability | ||||