Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
7545 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25248 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2024-08-03 | 5.5 Medium |
| An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-25242 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2024-08-03 | 5.3 Medium |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information. | ||||
| CVE-2021-25234 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2024-08-03 | 5.3 Medium |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file. | ||||
| CVE-2021-25247 | 2 Microsoft, Trendmicro | 2 Windows, Housecall For Home Networks | 2024-08-03 | 7.8 High |
| A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability. | ||||
| CVE-2021-25231 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2024-08-03 | 5.3 Medium |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file. | ||||
| CVE-2021-25249 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2024-08-03 | 7.8 High |
| An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-25238 | 2 Microsoft, Trendmicro | 3 Windows, Officescan, Worry-free Business Security | 2024-08-03 | 5.3 Medium |
| An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent's managing port. | ||||
| CVE-2021-25237 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-08-03 | 5.3 Medium |
| An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents. | ||||
| CVE-2021-23827 | 4 Apple, Keybase, Microsoft and 1 more | 4 Macos, Keybase, Windows and 1 more | 2024-08-03 | 5.5 Medium |
| Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the "Explode message/Explode now" functionality. Local filesystem access is needed by the attacker. | ||||
| CVE-2021-23217 | 3 Linux, Microsoft, Nvidia | 65 Linux Kernel, Windows, Geforce Gt 605 and 62 more | 2024-08-03 | 7.5 High |
| NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or availability. The scope impact may extend to other components. | ||||
| CVE-2021-23175 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2024-08-03 | 8.2 High |
| NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream. | ||||
| CVE-2021-23201 | 3 Linux, Microsoft, Nvidia | 37 Linux Kernel, Windows, Geforce Gtx 950 and 34 more | 2024-08-03 | 7.5 High |
| NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable microcode. Such an attack could lead to information disclosure, data corruption, or denial of service of the device. The scope may extend to other components. | ||||
| CVE-2021-23219 | 3 Linux, Microsoft, Nvidia | 137 Linux Kernel, Windows, Dgx-1 P100 and 134 more | 2024-08-03 | 4.1 Medium |
| NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to access protected information by identifying, exploiting, and loading vulnerable microcode. Such an attack may lead to information disclosure. | ||||
| CVE-2021-23139 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2024-08-03 | 7.5 High |
| A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations. | ||||
| CVE-2021-22921 | 3 Microsoft, Nodejs, Siemens | 3 Windows, Node.js, Sinec Infrastructure Network Services | 2024-08-03 | 7.8 High |
| Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking. | ||||
| CVE-2021-22117 | 2 Microsoft, Vmware | 2 Windows, Rabbitmq | 2024-08-03 | 7.8 High |
| RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins. | ||||
| CVE-2021-22004 | 3 Fedoraproject, Microsoft, Saltstack | 3 Fedora, Windows, Salt | 2024-08-03 | 6.4 Medium |
| An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software. | ||||
| CVE-2021-21988 | 2 Microsoft, Vmware | 3 Windows, Horizon Client, Workstation | 2024-08-03 | 6.5 Medium |
| VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (JPEG2000 Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed. | ||||
| CVE-2021-21989 | 2 Microsoft, Vmware | 3 Windows, Horizon Client, Workstation | 2024-08-03 | 6.5 Medium |
| VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed. | ||||
| CVE-2021-21997 | 2 Microsoft, Vmware | 2 Windows, Tools | 2024-08-03 | 5.5 Medium |
| VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest operating system. | ||||