CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 45/121 • 14517 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14517 CVEs for this tag (all time). In the last 365 days, 1677 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2021-10-29
High

CVE-2021-22037

Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the sea…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2021-10-28
High

CVE-2021-3579

Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local at…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2021-10-27
Medium

CVE-2021-1117

Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an attacker through specific configuration and with local unprivileged system access may caus…

CVSS: 4.7 CWE: CWE-129 - Improper Validation of Array Index View on NVD
Medium

CVE-2021-1116

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a NULL pointer dereference in the kernel, created within user mode code, may lead to a de…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2021-1115

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs, where an attacker with local unprivileged system access may cause a…

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2021-10-26
Medium

CVE-2021-23877

Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a spe…

CVSS: 6.7 CWE: CWE-269 - Improper Privilege Management View on NVD
2021-10-25
Critical

CVE-2021-40371

Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as demonstrated by ..\\ in a scriptName JSON value to ServiceManagerTenant/GetV…

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2021-10-21
High

CVE-2021-41146

qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a `qutebrowserurl:` URL handler. With cert…

CVSS: 8.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
Critical

CVE-2020-27304

The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request A…

CVSS: 9.8 CWE: CWE-23 - Relative Path Traversal View on NVD
Critical

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the outp…

CVSS: 9.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2021-10-20
High

CVE-2021-35583

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Windows). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows unauthentica…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2021-35538

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows low pr…

CVSS: 7.8 CWE: N/A View on NVD
2021-10-19
High

CVE-2021-30849

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2021-30847

This issue was addressed with improved checks. This issue is fixed in watchOS 8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Proces…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-30835

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously c…

CVSS: 7.8 CWE: N/A View on NVD
2021-10-13
High

CVE-2021-3057

A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary…

CVSS: 8.1 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2021-41347

Windows AppX Deployment Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2021-41343

Windows Fast FAT File System Driver Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-41342

Windows MSHTML Platform Remote Code Execution Vulnerability

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2021-41340

Windows Graphics Component Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2021-41338

Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-41336

Windows Kernel Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-41335

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-41334

Windows Desktop Bridge Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2021-41332

Windows Print Spooler Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2021-41331

Windows Media Audio Decoder Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-41330

Microsoft Windows Media Foundation Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-40477

Windows Event Tracing Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-40476

Windows AppContainer Elevation Of Privilege Vulnerability

CVSS: 7.5 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
Medium

CVE-2021-40475

Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-40469

Windows DNS Server Remote Code Execution Vulnerability

CVSS: 7.2 CWE: N/A View on NVD
Medium

CVE-2021-40468

Windows Bind Filter Driver Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-40467

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-40466

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-40465

Windows Text Shaping Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-40464

Windows Nearby Sharing Elevation of Privilege Vulnerability

CVSS: 8.0 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-40463

Windows Network Address Translation (NAT) Denial of Service Vulnerability

CVSS: 7.7 CWE: N/A View on NVD
High

CVE-2021-40462

Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-40461

Windows Hyper-V Remote Code Execution Vulnerability

CVSS: 8.0 CWE: N/A View on NVD
Medium

CVE-2021-40460

Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2021-40456

Windows AD FS Security Feature Bypass Vulnerability

CVSS: 5.3 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2021-40455

Windows Installer Spoofing Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-40443

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-38672

Windows Hyper-V Remote Code Execution Vulnerability

CVSS: 8.0 CWE: N/A View on NVD
Medium

CVE-2021-38663

Windows exFAT File System Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-38662

Windows Fast FAT File System Driver Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-36970

Windows Print Spooler Spoofing Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2021-36953

Windows TCP/IP Denial of Service Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2021-26442

Windows HTTP.sys Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
2021-10-12
Medium

CVE-2021-35214

The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windo…

CVSS: 4.8 CWE: CWE-613 - Insufficient Session Expiration View on NVD
2021-10-08
High

CVE-2021-37969

Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2021-37958

Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.

CVSS: 5.4 CWE: N/A View on NVD
Critical

CVE-2021-35977

An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution.

CVSS: 9.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2021-10-06
Medium

CVE-2021-21683

The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Ov…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2021-21682

Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Window…

CVSS: 4.3 CWE: N/A View on NVD
2021-10-05
High

CVE-2021-41116

Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should u…

CVSS: 8.2 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2021-10-04
Medium

CVE-2021-21706

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when…

CVSS: 5.3 CWE: CWE-24 - Path Traversal: '../filedir' View on NVD
2021-10-01
High

CVE-2021-23893

Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an un…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-3626

The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege e…

CVSS: 8.8 CWE: CWE-73 - External Control of File Name or Path View on NVD
2021-09-29
Critical

CVE-2021-36745

A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netwa…

CVSS: 9.8 CWE: CWE-425 - Direct Request ('Forced Browsing') View on NVD
2021-09-28
High

CVE-2021-36286

Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS cal…

CVSS: 7.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2021-09-27
High

CVE-2021-34412

During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. If the installer was launched with elevated priv…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-34411

During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. If the installer was launched w…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-34408

The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update of the client. This…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Critical

CVE-2021-33907

The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. This coul…

CVSS: 9.8 CWE: CWE-295 - Improper Certificate Validation View on NVD
2021-09-24
High

CVE-2021-28130

Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL for a custom payload within a legitimate binary (e.g., frwl_svc.exe) bypasses firewall filters.

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2021-09-22
High

CVE-2021-31847

Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would…

CVSS: 8.2 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-31841

A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific loc…

CVSS: 8.2 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
Medium

CVE-2021-31836

Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from an…

CVSS: 5.6 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-38112

In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (…

CVSS: 8.8 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD
2021-09-20
High

CVE-2020-26301

ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lea…

CVSS: 7.5 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2021-09-17
High

CVE-2021-31844

A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing…

CVSS: 8.2 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2021-31843

Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have acc…

CVSS: 7.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2021-31842

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption result…

CVSS: 5.0 CWE: CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') View on NVD
2021-09-16
High

CVE-2021-29825

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2021-29763

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run…

CVSS: 5.1 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2021-09-15
High

CVE-2021-40447

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-40444

<p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerabil…

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2021-38671

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-38667

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-38638

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2021-38637

Windows Storage Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-38636

Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-38635

Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-38634

Microsoft Windows Update Client Elevation of Privilege Vulnerability

CVSS: 7.1 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-38633

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-38630

Windows Event Tracing Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2021-38629

Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2021-38628

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-38626

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-38625

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2021-38624

Windows Key Storage Provider Security Feature Bypass Vulnerability

CVSS: 6.5 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
High

CVE-2021-36974

Windows SMB Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-36973

Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2021-36972

Windows SMB Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-36969

Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-36968

Windows DNS Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-36967

Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability

CVSS: 8.0 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-36966

Windows Subsystem for Linux Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-36965

Windows WLAN AutoConfig Service Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2021-36964

Windows Event Tracing Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-36963

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2021-36962

Windows Installer Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-36961

Windows Installer Denial of Service Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-36960

Windows SMB Information Disclosure Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2021-36959

Windows Authenticode Spoofing Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-36955

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-36954

Windows Bind Filter Driver Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-26435

Windows Scripting Engine Memory Corruption Vulnerability

CVSS: 8.1 CWE: CWE-787 - Out-of-bounds Write View on NVD
2021-09-14
Critical

CVE-2021-37181

A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Com…

CVSS: 10.0 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2021-09-09
High

CVE-2021-32833

Emby Server is a personal media server with apps on many devices. In Emby Server on Windows there is a set of arbitrary file read vulnerabilities. This vulnerability is known to exist in version 4.6.…

CVSS: 8.6 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2021-09-08
High

CVE-2021-30605

Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary ac…

CVSS: 7.8 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2021-36216

LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL injection.

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Medium

CVE-2021-1857

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iClou…

CVSS: 6.5 CWE: CWE-665 - Improper Initialization View on NVD
Medium

CVE-2021-1825

An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2021-1811

A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 1…

CVSS: 6.5 CWE: N/A View on NVD
2021-09-07
High

CVE-2021-38142

Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that trie…

CVSS: 8.8 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
2021-08-31
High

CVE-2021-39134

`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contract…

CVSS: 8.2 CWE: CWE-61 - UNIX Symbolic Link (Symlink) Following View on NVD
High

CVE-2021-37713

The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any…

CVSS: 8.2 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2021-37712

The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any…

CVSS: 8.2 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD