Filtered by vendor Microsoft
Subscriptions
Total
23019 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-41372 | 1 Microsoft | 1 Power Bi Report Server | 2024-11-21 | 7.6 High |
| A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and HTML files are accessed directly by the victim. Combining these 2 vulnerabilities together, an attacker is able to upload malicious Power BI templates files to the server using the victim's session and run scripts in the security context of the user and perform privilege escalation in case the victim has admin privileges when the victim access one of the HTML files present in the malicious Power BI template uploaded. The security update addresses the vulnerability by helping to ensure that Power BI Report Server properly sanitize file uploads. | ||||
| CVE-2021-41371 | 1 Microsoft | 22 Windows 10, Windows 10 1507, Windows 10 1607 and 19 more | 2024-11-21 | 4.4 Medium |
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | ||||
| CVE-2021-41370 | 1 Microsoft | 22 Windows 10, Windows 10 1507, Windows 10 1607 and 19 more | 2024-11-21 | 7.8 High |
| NTFS Elevation of Privilege Vulnerability | ||||
| CVE-2021-41368 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-21 | 6.1 Medium |
| Microsoft Access Remote Code Execution Vulnerability | ||||
| CVE-2021-41367 | 1 Microsoft | 22 Windows 10, Windows 10 1507, Windows 10 1607 and 19 more | 2024-11-21 | 7.8 High |
| NTFS Elevation of Privilege Vulnerability | ||||
| CVE-2021-41366 | 1 Microsoft | 18 Windows 10, Windows 10 1507, Windows 10 1607 and 15 more | 2024-11-21 | 7.8 High |
| Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability | ||||
| CVE-2021-41365 | 1 Microsoft | 1 Defender For Iot | 2024-11-21 | 8.8 High |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | ||||
| CVE-2021-41363 | 1 Microsoft | 1 Intune Management Extension | 2024-11-21 | 4.2 Medium |
| Intune Management Extension Security Feature Bypass Vulnerability | ||||
| CVE-2021-41361 | 1 Microsoft | 5 Windows Server 2004, Windows Server 2016, Windows Server 2019 and 2 more | 2024-11-21 | 5.4 Medium |
| Active Directory Federation Server Spoofing Vulnerability | ||||
| CVE-2021-41360 | 1 Microsoft | 1 Hevc Video Extensions | 2024-11-21 | 7.8 High |
| HEVC Video Extensions Remote Code Execution Vulnerability | ||||
| CVE-2021-41356 | 1 Microsoft | 14 Windows 10, Windows 10 1507, Windows 10 1607 and 11 more | 2024-11-21 | 7.5 High |
| Windows Denial of Service Vulnerability | ||||
| CVE-2021-41355 | 2 Microsoft, Redhat | 6 .net, Powershell, Powershell Core and 3 more | 2024-11-21 | 5.7 Medium |
| .NET Core and Visual Studio Information Disclosure Vulnerability | ||||
| CVE-2021-41354 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 5.4 Medium |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2021-41353 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 5.4 Medium |
| Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | ||||
| CVE-2021-41352 | 1 Microsoft | 1 System Center Operations Manager | 2024-11-21 | 7.5 High |
| SCOM Information Disclosure Vulnerability | ||||
| CVE-2021-41351 | 1 Microsoft | 4 Edge, Windows 10, Windows 11 and 1 more | 2024-11-21 | 4.3 Medium |
| Microsoft Edge (Chrome based) Spoofing on IE Mode | ||||
| CVE-2021-41350 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 6.5 Medium |
| Microsoft Exchange Server Spoofing Vulnerability | ||||
| CVE-2021-41349 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 6.5 Medium |
| Microsoft Exchange Server Spoofing Vulnerability | ||||
| CVE-2021-41348 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 8 High |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | ||||
| CVE-2021-41347 | 1 Microsoft | 14 Windows 10, Windows 10 1507, Windows 10 1607 and 11 more | 2024-11-21 | 7.8 High |
| Windows AppX Deployment Service Elevation of Privilege Vulnerability | ||||