cveID |
vendorProject |
product |
vulnerabilityName |
dateAdded |
shortDescription |
requiredAction |
dueDate |
CVE-2014-4404 |
Apple |
OS X |
Apple OS X Heap-Based Buffer Overflow Vulnerability |
2/10/2022 |
Heap-based buffer overflow in IOHIDFamily in Apple OS X,
which affects iOS before 8 and Apple TV before 7, allows attackers to
execute arbitrary code in a privileged context. |
Apply updates per vendor
instructions. |
8/10/2022 |
CVE-2015-1130 |
Apple |
OS X |
Apple OS X Authentication Bypass Vulnerability |
2/10/2022 |
The XPC implementation in Admin Framework in Apple OS X
before 10.10.3 allows local users to bypass authentication and obtain admin
privileges. |
Apply updates per vendor
instructions. |
8/10/2022 |
CVE-2019-6223 |
Apple |
FaceTime |
Apple FaceTime Vulnerability |
11/3/2021 |
A logic issue existed in the handling of Group FaceTime
calls. The issue was addressed with improved state management. This issue is
fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator
of a Group FaceTime call may be able to cause the recipient to answer. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2020-27930 |
Apple |
iOS and macOS |
Apple iOS and macOS FontParser RCE |
11/3/2021 |
A memory corruption issue was addressed with improved
input validation. Processing a maliciously crafted font may lead to arbitrary
code execution. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2020-27932 |
Apple |
iOS and macOS |
Apple iOS and macOS Kernel Type Confusion Vulnerability |
11/3/2021 |
A malicious application may be able to execute arbitrary
code with kernel privileges. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2020-27950 |
Apple |
iOS and macOS |
Apple iOS and macOS Kernel Memory Initialization
Vulnerability |
11/3/2021 |
A malicious application may be able to disclose kernel
memory. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2020-9818 |
Apple |
iOS Mail |
Apple iOS Mail OOB Vulnerability |
11/3/2021 |
Processing a maliciously crafted mail message may lead to
unexpected memory modification or application termination. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2020-9819 |
Apple |
iOS Mail |
Apple iOS Mail Heap Overflow Vulnerability |
11/3/2021 |
Processing a maliciously crafted mail message may lead to
heap corruption. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2020-9859 |
Apple |
iOS and iPadOS |
Apple 11-13.5 XNU Kernel Vulnerability |
11/3/2021 |
A memory consumption issue was addressed with improved
memory handling. An application may be able to execute arbitrary code with
kernel privileges. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2021-1782 |
Apple |
iOS |
Apple iOS Privilege Escalation and Code Execution Chain |
11/3/2021 |
A malicious application may be able to elevate privileges.
Apple is aware of a report that this issue may have been actively exploited. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-1870 |
Apple |
iOS |
Apple iOS Privilege Escalation and Code Execution Chain |
11/3/2021 |
A remote attacker may be able to cause arbitrary code
execution. Apple is aware of a report that this issue may have been actively
exploited. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-1871 |
Apple |
iOS |
Apple iOS Privilege Escalation and Code Execution Chain |
11/3/2021 |
A remote attacker may be able to cause arbitrary code
execution. Apple is aware of a report that this issue may have been actively
exploited. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-1879 |
Apple |
iOS |
Apple iOS Webkit Browser Engine XSS |
11/3/2021 |
Processing maliciously crafted web content may lead to
universal cross site scripting. Apple is aware of a report that this issue
may have been actively exploited. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-30657 |
Apple |
macOS |
Apple macOS Policy Subsystem Gatekeeper Bypass |
11/3/2021 |
A malicious application may bypass Gatekeeper checks.
Apple is aware of a report that this issue may have been actively exploited. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-30661 |
Apple |
iOS |
Apple iOS Webkit Storage Use-After-Free RCE |
11/3/2021 |
Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue may have
been actively exploited. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-30663 |
Apple |
Safari |
Apple Safari Webkit Browser Engine Integer Overflow
Vulnerability |
11/3/2021 |
Integer overflow. Processing maliciously crafted web
content may lead to arbitrary code execution. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-30665 |
Apple |
Safari |
Apple Safari Webkit Browser Engine Buffer Overflow
Vulnerability |
11/3/2021 |
Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue may have
been actively exploited. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-30666 |
Apple |
iOS |
Apple iOS12.x Buffer Overflow |
11/3/2021 |
Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue may have
been actively exploited. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-30713 |
Apple |
macOS |
Apple macOS Input Validation Error |
11/3/2021 |
A malicious application may be able to bypass Privacy
preferences. Apple is aware of a report that this issue may have been
actively exploited. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-30761 |
Apple |
iOS |
Apple WebKit Browser Engine Memory Corruption
Vulnerability |
11/3/2021 |
Memory corruption issue. Processing maliciously crafted
web content may lead to arbitrary code execution. Apple is aware of a report
that this issue may have been actively exploited. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-30762 |
Apple |
iOS |
Apple WebKit Browser Engine Use After Free Vulnerability |
11/3/2021 |
Use after free issue. Processing maliciously crafted web
content may lead to arbitrary code execution. Apple is aware of a report that
this issue may have been actively exploited. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-30807 |
Apple |
iOS and macOS |
Apple iOS and macOS IOMobileFrameBuffer Memory Corruption
Vulnerability |
11/3/2021 |
|
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-30858 |
Apple |
iOS and iPadOS |
Apple iOS and iPadOS Use-After-Free |
11/3/2021 |
Apple iOS and iPadOS Arbitrary Code Execution |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-30860 |
Apple |
iOS |
Apple iOS "FORCEDENTRY" Remote Code Execution |
11/3/2021 |
An integer overflow vulnerability affecting iOS devices, addressed with
improved input validation, allows for remote code execution. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-30869 |
Apple |
iOS, macOS, and iPadOS |
Apple XNU Kernel Type Confusion |
11/3/2021 |
Apple XNU kernel contains a type confusion vulnerability
which allows a malicious application to execute arbitrary code with kernel
privileges. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2022-22587 |
Apple |
IOMobileFrameBuffer |
Apple IOMobileFrameBuffer Memory Corruption Vulnerability |
1/28/2022 |
Apple IOMobileFrameBuffer contains a memory corruption
vulnerability which can allow a malicious application to execute arbitrary
code with kernel privileges. |
Apply updates per vendor
instructions. |
2/11/2022 |
CVE-2022-22620 |
Apple |
Webkit |
Apple Webkit Remote Code Execution Vulnerability |
2/11/2022 |
Apple Webkit, which impacts iOS, iPadOS, and macOS,
contains a vulnerability which allows for remote code execution. |
Apply updates per vendor
instructions. |
2/25/2022 |
CVE-2012-0158 |
Microsoft |
MSCOMCTL.OCX |
Microsoft MSCOMCTL.OCX RCE Vulnerability |
11/3/2021 |
Allows remote attackers to execute arbitrary code via a
crafted (a) web site, (b) Office document, or (c) .rtf file that triggers
"system state" corruption, as exploited in the wild in April 2012,
aka "MSCOMCTL.OCX RCE Vulnerability." |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2013-3900 |
Windows |
WinVerifyTrust function |
Microsoft WinVerifyTrust function Remote Code Execution |
1/10/2022 |
A remote code execution vulnerability exists in the way
that the WinVerifyTrust function handles Windows Authenticode signature
verification for PE files. |
Apply updates per vendor
instructions. |
7/10/2022 |
CVE-2013-3906 |
Microsoft |
Graphics Component |
Microsoft Graphics Component Memory Corruption
Vulnerability |
2/15/2022 |
Microsoft Graphics Component contains a memory corruption
vulnerability which can allow for remote code execution. |
Apply updates per vendor
instructions. |
8/15/2022 |
CVE-2014-1761 |
Microsoft |
Word |
Microsoft Word Memory Corruption Vulnerability |
2/15/2022 |
Microsoft Word contains a memory corruption vulnerability
which when exploited could allow for remote code execution. |
Apply updates per vendor
instructions. |
8/15/2022 |
CVE-2014-1776 |
Microsoft |
Internet Explorer |
Microsoft Internet Explorer Use-After-Free Vulnerability |
1/28/2022 |
Microsoft Internet Explorer 6 - 11 contains a
use-after-free vulnerability which can allow for arbitrary code execution or
denial of service. |
Apply updates per vendor
instructions. |
7/28/2022 |
CVE-2014-1812 |
Microsoft |
Windows Group Policy |
Microsoft Windows Group Policy Privilege Escalation |
11/3/2021 |
Allows remote authenticated users to obtain sensitive
credential information and consequently gain privileges by leveraging access
to the SYSVOL share, as exploited in the wild in May 2014, aka "Group
Policy Preferences Password Elevation of Privilege Vulnerability." |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2014-6352 |
Microsoft |
Windows |
Microsoft Windows Code Injection Vulnerability |
2/25/2022 |
Microsoft Windows allows remote attackers to execute
arbitrary code via a crafted OLE object. |
Apply updates per vendor
instructions. |
8/25/2022 |
CVE-2015-1635 |
Microsoft |
HTTP.sys |
Microsoft HTTP.sys Remote Code Execution Vulnerability |
2/10/2022 |
Microsoft HTTP protocol stack (HTTP.sys) contains a
vulnerability which allows for remote code execution. |
Apply updates per vendor
instructions. |
8/10/2022 |
CVE-2015-1641 |
Microsoft |
Microsoft Office |
Microsoft Office Memory Corruption vulnerability |
11/3/2021 |
Allows remote attackers to execute arbitrary code via a
crafted RTF document, aka "Microsoft Office Memory Corruption
Vulnerability." |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2016-0167 |
Microsoft |
Windows Kernel |
Microsoft Windows Kernel 'Win32k.sys' Local Privilege
Escalation Vulnerability |
11/3/2021 |
The kernel-mode driver allows local users to gain
privileges via a crafted application, aka "Win32k Elevation of Privilege
Vulnerability," a different vulnerability than CVE-2016-0143 and
CVE-2016-0165. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2016-0185 |
Microsoft |
Windows Media Center |
Microsoft Windows Media Center RCE vulnerability |
11/3/2021 |
Media Center allows remote attackers to execute arbitrary
code via a crafted Media Center link (aka .mcl) file, aka "Windows Media
Center Remote Code Execution Vulnerability." |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2016-3235 |
Microsoft |
Microsoft Visio/Office |
Microsoft Visio/Office OLE DLL Side Loading vulnerability |
11/3/2021 |
Allows local users to gain privileges via a crafted
application, aka "Microsoft Office OLE DLL Side Loading
Vulnerability." |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2016-7255 |
Microsoft |
Windows, Windows Server |
Microsoft Windows Vista, 7, 8.1, 10 and Windows Server
2008, 2012, and 2016 Win32k Privilege Escalation Vulnerability |
11/3/2021 |
The kernel-mode drivers allow local users to gain
privileges via a crafted application, aka "Win32k Elevation of Privilege
Vulnerability." |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2017-0143 |
Microsoft |
SMBv1 server |
Windows SMBv1 Remote Code Execution Vulnerability |
11/3/2021 |
The SMBv1 server allows remote attackers to execute
arbitrary code via crafted packets, aka "Windows SMB Remote Code
Execution Vulnerability." This vulnerability is different from those
described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2017-0144 |
Microsoft |
SMBv1 |
Microsoft SMBv1 Remote Code Execution Vulnerability |
2/10/2022 |
The SMBv1 server in multiple Microsoft Windows versions
allows remote attackers to execute arbitrary code via crafted packets. |
Apply updates per vendor
instructions. |
8/10/2022 |
CVE-2017-0145 |
Microsoft |
SMBv1 |
Microsoft SMBv1 Remote Code Execution Vulnerability |
2/10/2022 |
The SMBv1 server in multiple Microsoft Windows versions
allows remote attackers to execute arbitrary code via crafted packets. |
Apply updates per vendor
instructions. |
8/10/2022 |
CVE-2017-0199 |
Microsoft |
Windows, Windows Server, Microsoft Office |
Microsoft Office/WordPad Remote Code Execution
Vulnerability with Windows API |
11/3/2021 |
Allows remote attackers to execute arbitrary code via a
crafted document, aka "Microsoft Office/WordPad Remote Code Execution
Vulnerability w/Windows API." |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2017-0222 |
Microsoft |
Internet Explorer |
Microsoft Internet Explorer Remote Code Execution
Vulnerability |
2/25/2022 |
A remote code execution vulnerability exists when Internet
Explorer improperly accesses objects in memory. |
Apply updates per vendor
instructions. |
8/25/2022 |
CVE-2017-0262 |
Microsoft |
Office |
Microsoft Office Remote Code Execution Vulnerability |
2/10/2022 |
A remote code execution vulnerability exists in Microsoft
Office. |
Apply updates per vendor
instructions. |
8/10/2022 |
CVE-2017-0263 |
Microsoft |
Win32k |
Microsoft Win32k Privilege Escalation Vulnerability |
2/10/2022 |
Microsoft Win32k contains a privilege escalation
vulnerability due to the Windows kernel-mode driver failing to properly
handle objects in memory. |
Apply updates per vendor
instructions. |
8/10/2022 |
CVE-2017-11774 |
Microsoft |
Microsoft Outlook |
Microsoft Outlook Security Feature Bypass Vulnerability |
11/3/2021 |
Allows an attacker to execute arbitrary commands, due to
how Microsoft Office handles objects in memory, aka "Microsoft Outlook
Security Feature Bypass Vulnerability." |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2017-11882 |
Microsoft |
Microsoft Office |
Microsoft Office memory corruption vulnerability |
11/3/2021 |
Allows an attacker to run arbitrary code in the context of
the current user by failing to properly handle objects in memory, aka
"Microsoft Office Memory Corruption Vulnerability". This CVE ID is
unique from CVE-2017-11884. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2017-7269 |
Microsoft |
Internet Information Services (IIS) |
Windows Server 2003 R2 IIS WEBDAV buffer overflow RCE
vulnerability (COVID-19-CTI list) |
11/3/2021 |
Buffer overflow in the ScStoragePathFromUrl function in
the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft
Windows Server 2003 R2 allows remote attackers to execute arbitrary code via
a long header beginning with "If: <http://" in a PROPFIND
request. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2017-8464 |
Microsoft |
Windows Shell (.lnk) |
Microsoft Windows Shell (.lnk) Remote Code Execution
Vulnerability |
2/10/2022 |
Windows Shell in multiple versions of Microsoft Windows
allows local users or remote attackers to execute arbitrary code via a
crafted .LNK file. |
Apply updates per vendor
instructions. |
8/10/2022 |
CVE-2017-8570 |
Microsoft |
Office |
Microsoft Office Remote Code Execution Vulnerability |
2/25/2022 |
A remote code execution vulnerability exists in Microsoft
Office software when it fails to properly handle objects in memory. |
Apply updates per vendor
instructions. |
8/25/2022 |
CVE-2017-8759 |
Microsoft |
Microsoft .NET Framework |
.NET Framework Remote Code Execution vulnerability |
11/3/2021 |
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6,
4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a
malicious document or application. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2018-0798 |
Microsoft |
Microsoft Office |
Microsoft Office 2007 - 2016 Backdoor Exploitation Chain |
11/3/2021 |
Allows a remote code execution vulnerability due to the
way objects are handled in memory, aka "Microsoft Office Memory
Corruption Vulnerability". |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2018-0802 |
Microsoft |
Microsoft Office |
Microsoft Office 2007 - 2016 Backdoor Exploitation Chain |
11/3/2021 |
Allows a remote code execution vulnerability due to the
way objects are handled in memory, aka "Microsoft Office Memory
Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and
CVE-2018-0812. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2018-8174 |
Microsoft |
Windows VBScript Engine |
Microsoft Windows VBScript Engine Out-of-Bounds Write
Vulnerability |
2/15/2022 |
A remote code execution vulnerability exists in the way
that the VBScript engine handles objects in memory, aka "Windows
VBScript Engine Remote Code Execution." |
Apply updates per vendor
instructions. |
8/15/2022 |
CVE-2018-8453 |
Microsoft |
Win32K |
Microsoft Windows Win32k Privilege Escalation
Vulnerability |
1/21/2022 |
Microsoft Windows Win32k contains a vulnerability which
allows an attacker to escalate privileges. |
Apply updates per vendor
instructions. |
7/21/2022 |
CVE-2018-8653 |
Microsoft |
Internet Explorer Scripting Engine |
Microsoft Internet Explorer Scripting Engine JScript
Memory Corruption Vulnerability |
11/3/2021 |
A remote code execution vulnerability exists in the way
that the scripting engine handles objects in memory in Internet Explorer, aka
"Scripting Engine Memory Corruption Vulnerability." This CVE ID is
unique from CVE-2018-8643. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2019-0541 |
Microsoft |
MSHTML engine |
Microsoft MSHTML Engine Remote Code Execution
Vulnerability |
11/3/2021 |
A remote code execution vulnerability exists in the way
that the MSHTML engine improperly validates input, aka "MSHTML Engine
Remote Code Execution Vulnerability." |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2019-0604 |
Microsoft |
SharePoint |
Microsoft SharePoint Remote Code Execution Vulnerability |
11/3/2021 |
A remote code execution vulnerability exists in Microsoft
SharePoint when the software fails to check the source markup of an
application package, aka 'Microsoft SharePoint Remote Code Execution
Vulnerability'. This CVE ID is unique from CVE-2019-0594. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2019-0708 |
Microsoft |
Remote Desktop Services |
"BlueKeep" Windows Remote Desktop RCE
Vulnerability |
11/3/2021 |
A remote code execution vulnerability exists in Remote
Desktop Services formerly known as Terminal Services when an unauthenticated
attacker connects to the target system using RDP and sends specially crafted
requests. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2019-0752 |
Microsoft |
Internet Explorer |
Microsoft Internet Explorer Type Confusion
Vulnerability |
2/15/2022 |
A remote code execution vulnerability exists in the way
that the scripting engine handles objects in memory in Internet Explorer. |
Apply updates per vendor
instructions. |
8/15/2022 |
CVE-2019-0797 |
Microsoft |
Windows Win32k |
Windows win32k.sys Driver Vulnerability |
11/3/2021 |
An elevation of privilege vulnerability exists in Windows
when the Win32k component fails to properly handle objects in memory, aka
'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from
CVE-2019-0808. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2019-0803 |
Microsoft |
Windows Win32k |
Windows win32k Escalation Kernel Vulnerability |
11/3/2021 |
An elevation of privilege vulnerability exists in Windows
when the Win32k component fails to properly handle objects in memory, aka
'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from
CVE-2019-0685, CVE-2019-0859. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2019-0808 |
Microsoft |
Windows Win32k |
Windows 7 win32k.sys Driver Vulnerability |
11/3/2021 |
An elevation of privilege vulnerability exists in Windows
when the Win32k component fails to properly handle objects in memory, aka
'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from
CVE-2019-0797. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2019-0859 |
Microsoft |
Windows Win32k |
Windows win32k Escalation Kernel Vulnerability |
11/3/2021 |
An elevation of privilege vulnerability exists in Windows
when the Win32k component fails to properly handle objects in memory, aka
'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from
CVE-2019-0685, CVE-2019-0803. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2019-0863 |
Microsoft |
Windows Error Reporting (WER) |
Windows Error Reporting Vulnerability |
11/3/2021 |
An elevation of privilege vulnerability exists in the way
Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting
Elevation of Privilege Vulnerability'. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2019-1214 |
Microsoft |
Windows Common Log File System (CLFS) driver |
Windows CLFS vulnerability |
11/3/2021 |
An elevation of privilege vulnerability exists when the
Windows Common Log File System (CLFS) driver improperly handles objects in
memory, aka 'Windows Common Log File System Driver Elevation of Privilege
Vulnerability'. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2019-1215 |
Microsoft |
Windows Winsock |
Windows Winsock (ws2ifsl.sys) vulnerability |
11/3/2021 |
An elevation of privilege vulnerability exists in the way
that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation
of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253,
CVE-2019-1278, CVE-2019-1303. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2019-1367 |
Microsoft |
Internet Explorer Scripting Engine |
Internet Explorer 9-11 Scripting Engine Memory Corruption
Vulnerability |
11/3/2021 |
A remote code execution vulnerability exists in the way
that the scripting engine handles objects in memory in Internet Explorer.
This CVE ID is unique from CVE-2019-1221. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2019-1429 |
Microsoft |
Internet Explorer Scripting Engine |
Internet Explorer 9-11 Scripting Engine Memory Corruption
Vulnerability |
11/3/2021 |
A remote code execution vulnerability exists in the way
that the scripting engine handles objects in memory in Internet Explorer.
This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2019-1458 |
Windows |
Win32K |
Microsoft Win32K Elevation of Privilege |
1/10/2022 |
An elevation of privilege vulnerability exists in Windows
when the Win32k component fails to properly handle objects in memory, aka
'Win32k EoP'. |
Apply updates per vendor
instructions. |
7/10/2022 |
CVE-2020-0601 |
Microsoft |
Windows CryptoAPI |
Windows 10 API/ECC Vulnerability |
11/3/2021 |
A spoofing vulnerability exists in the way Windows
CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC)
certificates. An attacker could exploit the vulnerability by using a spoofed
code-signing certificate to sign a malicious executable, making it appear the
file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing
Vulnerability'. |
Apply updates per vendor
instructions. |
1/29/2020 |
CVE-2020-0646 |
Microsoft |
Microsoft .NET Framework |
Microsoft .NET Framework RCE |
11/3/2021 |
A remote code execution vulnerability exists when the
Microsoft .NET Framework fails to validate input properly, aka '.NET
Framework Remote Code Execution Injection Vulnerability'. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2020-0674 |
Microsoft |
Internet Explorer Scripting Engine |
Internet Explorer 9-11 Scripting Engine Memory Corruption
Vulnerability |
11/3/2021 |
A remote code execution vulnerability exists in the way
that the scripting engine handles objects in memory in Internet Explorer.
This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711,
CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2020-0683 |
Microsoft |
Windows Installer |
Microsoft Elevation of Privilege Installer Vulnerability |
11/3/2021 |
An elevation of privilege vulnerability exists in the
Windows Installer when MSI packages process symbolic links, aka 'Windows
Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from
CVE-2020-0686. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2020-0688 |
Microsoft |
Microsoft Exchange Server |
Microsoft Exchange Server Key Validation Vulnerability |
11/3/2021 |
A remote code execution vulnerability exists in Microsoft
Exchange software when the software fails to properly handle objects in
memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2020-0787 |
Microsoft |
Windows Background Intelligent Transfer Service (BITS) |
Microsoft Windows Background Intelligent Transfer Service
(BITS) Improper Privilege Management Vulnerability |
1/28/2022 |
Microsoft Windows BITS is vulnerable to a privilege
elevation vulnerability if it improperly handles symbolic links. An actor can
exploit this vulnerability to execute arbitrary code with system-level
privileges. |
Apply updates per vendor
instructions. |
7/28/2022 |
CVE-2020-0796 |
Microsoft |
SMBv3 |
Microsoft SMBv3 Remote Code Execution Vulnerability |
2/10/2022 |
A remote code execution vulnerability exists in the way
that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles
certain requests. An attacker who successfully exploited the vulnerability
could gain the ability to execute code on the target server or client. |
Apply updates per vendor
instructions. |
8/10/2022 |
CVE-2020-0878 |
Microsoft |
Microsoft Edge, Internet Explorer |
Microsoft Browser Memory Corruption Vulnerability |
11/3/2021 |
A remote code execution vulnerability exists in the way
that Microsoft browsers access objects in memory. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2020-0938 |
Microsoft |
Windows, Windows Adobe Type Manager Library |
Microsoft Windows Type 1 Font Parsing Remote Code
Execution Vulnerability |
11/3/2021 |
A remote code execution vulnerability exists in Microsoft
Windows when the Windows Adobe Type Manager Library improperly handles a
specially-crafted multi-master font - Adobe Type 1 PostScript format. This
CVE ID is unique from CVE-2020-1020. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2020-0968 |
Microsoft |
Internet Explorer Scripting Engine |
Internet Explorer Scripting Engine Memory Corruption
Vulnerability |
11/3/2021 |
A remote code execution vulnerability exists in the way
that the scripting engine handles objects in memory in Internet Explorer.
This CVE ID is unique from CVE-2020-0970. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2020-0986 |
Microsoft |
Windows Kernel |
Windows Kernel Elevation of Privilege vulnerability |
11/3/2021 |
An elevation of privilege vulnerability exists when the
Windows kernel fails to properly handle objects in memory, aka 'Windows
Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from
CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266,
CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276,
CVE-2020-1307, CVE-2020-1316. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2020-1020 |
Microsoft |
Windows, Windows Adobe Type Manager Library |
Microsoft Windows Type 1 Font Parsing Remote Code
Execution Vulnerability |
11/3/2021 |
A remote code execution vulnerability exists in Microsoft
Windows when the Windows Adobe Type Manager Library improperly handles a
specially-crafted multi-master font - Adobe Type 1 PostScript format. This
CVE ID is unique from CVE-2020-0938. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2020-1040 |
Microsoft |
Hyper-V RemoteFX vGPU |
Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability |
11/3/2021 |
A remote code execution vulnerability exists when Hyper-V
RemoteFX vGPU on a host server fails to properly validate input from an
authenticated user on a guest operating system. This CVE ID is unique from
CVE-2020-1032, CVE-2020-1036, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2020-1054 |
Microsoft |
Windows Win32k |
Microsoft Windows Win32k Privilege Escalation
Vulnerability |
11/3/2021 |
An elevation of privilege vulnerability exists in Windows
when the Windows kernel-mode driver fails to properly handle objects in
memory. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2020-1147 |
Microsoft |
Microsoft .NET Framework, Microsoft SharePoint, Visual
Studio |
Microsoft .NET Framework, SharePoint Server, and Visual
Studio RCE |
11/3/2021 |
A remote code execution vulnerability exists in .NET
Framework, Microsoft SharePoint, and Visual Studio when the software fails to
check the source markup of XML file input. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2020-1350 |
Microsoft |
Windows Domain Name System Server |
"SigRed" - Windows DNS Server Remote Code
Execution Vulnerability |
11/3/2021 |
A remote code execution vulnerability exists in Windows
Domain Name System servers when they fail to properly handle requests. |
Apply updates per vendor
instructions. |
7/24/2020 |
CVE-2020-1380 |
Microsoft |
Internet Explorer |
Scripting Engine Memory Corruption Vulnerability |
11/3/2021 |
A remote code execution vulnerability exists in the way
that the scripting engine handles objects in memory in Internet Explorer, aka
'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique
from CVE-2020-1555, CVE-2020-1570. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2020-1464 |
Microsoft |
Windows |
Windows Spoofing Vulnerability |
11/3/2021 |
A spoofing vulnerability exists when Windows incorrectly
validates file signatures. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2020-1472 |
Microsoft |
Netlogon Remote Protocol (MS-NRPC) |
NetLogon Elevation of Privilege Vulnerability |
11/3/2021 |
An elevation of privilege vulnerability exists when an
attacker establishes a vulnerable Netlogon secure channel connection to a
domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka
'Netlogon Elevation of Privilege Vulnerability'. |
Apply updates per vendor
instructions. |
9/21/2020 |
CVE-2020-17087 |
Microsoft |
Windows Kernel |
Windows Kernel Cryptography Driver Privilege Escalation |
11/3/2021 |
Windows Kernel Local Elevation of Privilege Vulnerability |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2020-17144 |
Microsoft |
Microsoft Exchange Server |
Microsoft Exchange RCE |
11/3/2021 |
Microsoft Exchange Remote Code Execution Vulnerability.
This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17141,
CVE-2020-17142. |
Apply updates per vendor
instructions. |
5/3/2022 |
CVE-2021-1647 |
Microsoft |
Microsoft Defender |
Microsoft Defender RCE |
11/3/2021 |
Microsoft Defender Remote Code Execution Vulnerability |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-1675 |
Microsoft |
Windows Print Spooler |
Microsoft Print Spooler Remote Code Execution |
11/3/2021 |
Windows Print Spooler Elevation of Privilege Vulnerability |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-1732 |
Microsoft |
Windows Win32k |
Microsoft Windows Win32k Privilege Escalation |
11/3/2021 |
Windows Win32k Elevation of Privilege Vulnerability. This
CVE ID is unique from CVE-2021-1698. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-26411 |
Microsoft |
Microsoft Edge, Internet Explorer |
Microsoft Internet Explorer and Edge Memory Corruption
Vulnerability |
11/3/2021 |
Internet Explorer Memory Corruption Vulnerability |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-26855 |
Microsoft |
Microsoft Exchange Server |
Microsoft OWA Exchange Control Panel (ECP) Exploit Chain |
11/3/2021 |
Microsoft Exchange Server Remote Code Execution
Vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854,
CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. |
Apply updates per vendor
instructions. |
4/16/2021 |
CVE-2021-26857 |
Microsoft |
Microsoft Exchange Server |
Microsoft Unified Messaging Deserialization Vulnerability |
11/3/2021 |
Microsoft Exchange Server Remote Code Execution
Vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854,
CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. |
Apply updates per vendor
instructions. |
4/16/2021 |
CVE-2021-26858 |
Microsoft |
Microsoft Exchange Server |
Microsoft OWA Exchange Control Panel (ECP) Exploit Chain |
11/3/2021 |
Microsoft Exchange Server Remote Code Execution
Vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854,
CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078. |
Apply updates per vendor
instructions. |
4/16/2021 |
CVE-2021-27059 |
Microsoft |
Microsoft Office |
Microsoft Office RCE |
11/3/2021 |
Microsoft Office Remote Code Execution Vulnerability. This
CVE ID is unique from CVE-2021-24108, CVE-2021-27057. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-27065 |
Microsoft |
Microsoft Exchange Server |
Microsoft OWA Exchange Control Panel (ECP) Exploit Chain |
11/3/2021 |
Microsoft Exchange Server Remote Code Execution
Vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854,
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078. |
Apply updates per vendor
instructions. |
4/16/2021 |
CVE-2021-27085 |
Microsoft |
Internet Explorer |
Internet Explorer 11 RCE |
11/3/2021 |
Internet Explorer Remote Code Execution Vulnerability |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-28310 |
Microsoft |
Windows Win32k |
Microsoft Windows Win32k Privilege Escalation
Vulnerability |
11/3/2021 |
Win32k Elevation of Privilege Vulnerability. This CVE ID
is unique from CVE-2021-27072. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-31199 |
Microsoft |
Microsoft Enhanced Cryptographic Provider |
Microsoft Enhanced Cryptographic Provider Elevation of
Privilege Vulnerabilities |
11/3/2021 |
Microsoft Enhanced Cryptographic Provider Elevation of
Privilege Vulnerability. This CVE ID is unique from CVE-2021-31201. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-31201 |
Microsoft |
Microsoft Enhanced Cryptographic Provider |
Microsoft Enhanced Cryptographic Provider Elevation of
Privilege Vulnerabilities |
11/3/2021 |
Microsoft Enhanced Cryptographic Provider Elevation of
Privilege Vulnerability. This CVE ID is unique from CVE-2021-31199. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-31207 |
Microsoft |
Microsoft Exchange Server |
Microsoft Exchange Server Security Feature Bypass
Vulnerability |
11/3/2021 |
Microsoft Exchange Server Security Feature Bypass
Vulnerability |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-31955 |
Microsoft |
Windows Kernel |
Microsoft Windows Kernel Information Disclosure
Vulnerability |
11/3/2021 |
Windows Kernel Information Disclosure Vulnerability |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-31956 |
Microsoft |
Windows NTFS |
Microsoft Windows NTFS Elevation of Privilege
Vulnerability |
11/3/2021 |
Windows NTFS Elevation of Privilege Vulnerability |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-31979 |
Microsoft |
Windows Kernel |
Windows Kernel Elevation of Privilege Vulnerability |
11/3/2021 |
Windows Kernel Elevation of Privilege Vulnerability. This
CVE ID is unique from CVE-2021-33771, CVE-2021-34514. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-33739 |
Microsoft |
Microsoft Desktop Window Manager (DWM) |
Microsoft DWM Core Library Elevation of Privilege
Vulnerability |
11/3/2021 |
Microsoft Desktop Window Manager (DWM) Core Library
Elevation of Privilege Vulnerability |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-33742 |
Microsoft |
Windows MSHTML Platform |
Microsoft Windows MSHTML Platform Remote Code Execution
Vulnerability |
11/3/2021 |
Windows MSHTML Platform Remote Code Execution
Vulnerability |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-33766 |
Microsoft |
Exchange Servers |
Microsoft Exchange Server Information Disclosure |
1/18/2022 |
Microsoft Exchange Servers contain an information
disclosure vulnerability which can allow an unauthenticated attacker to steal
email traffic from the target. |
Apply updates per vendor
instructions. |
2/1/2022 |
CVE-2021-33771 |
Microsoft |
Windows Kernel |
Windows Kernel Elevation of Privilege |
11/3/2021 |
Windows Kernel Elevation of Privilege Vulnerability. This
CVE ID is unique from CVE-2021-31979, CVE-2021-34514. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-34448 |
Microsoft |
Scripting Engine |
Microsoft Scripting Engine Memory Corruption Vulnerability |
11/3/2021 |
Scripting Engine Memory Corruption Vulnerability |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-34473 |
Microsoft |
Microsoft Exchange Server |
Microsoft Exchange Server Remote Code Execution
Vulnerability |
11/3/2021 |
Microsoft Exchange Server Remote Code Execution
Vulnerability. This CVE ID is unique from CVE-2021-31196, CVE-2021-31206. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-34523 |
Microsoft |
Microsoft Exchange Server |
Microsoft Exchange Server Elevation of Privilege
Vulnerability |
11/3/2021 |
Microsoft Exchange Server Elevation of Privilege
Vulnerability. This CVE ID is unique from CVE-2021-33768, CVE-2021-34470. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-34527 |
Microsoft |
Windows |
"PrintNightmare" - Microsoft Windows Print
Spooler Remote Code Execution Vulnerability |
11/3/2021 |
Windows Print Spooler Remote Code Execution Vulnerability |
Apply updates per vendor
instructions. |
7/20/2021 |
CVE-2021-36934 |
Microsoft |
Windows SAM |
Microsoft Windows SAM Local Privilege Escalation
Vulnerability |
2/10/2022 |
If a Volume Shadow Copy (VSS) shadow copy of the system
drive is available, users can read the SAM file which would allow any user to
escalate privileges to SYSTEM level. |
Apply updates per vendor
instructions. |
2/24/2022 |
CVE-2021-36942 |
Microsoft |
Windows Local Security Authority (LSA) |
Microsoft LSA Spoofing |
11/3/2021 |
Windows Local Security Authority (LSA) Spoofing
Vulnerability "PetitPotam" |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-36948 |
Microsoft |
Windows Update Medic Service |
Microsoft Windows Update Medic Service Elevation of
Privilege |
11/3/2021 |
Windows Update Medic Service Elevation of Privilege
Vulnerability |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-36955 |
Microsoft |
Windows Common Log File System Driver |
Microsoft Windows Common Log File System Driver Privilege
Escalation |
11/3/2021 |
Microsoft Windows Common Log File System Driver contains
an unspecified vulnerability which allows for privilege escalation. |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-38645 |
Microsoft |
Microsoft Azure Open Management Infrastructure (OMI) |
Microsoft Azure Open Management Infrastructure (OMI)
Elevation of Privilege Vulnerability |
11/3/2021 |
Open Management Infrastructure Elevation of Privilege
Vulnerability |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-38647 |
Microsoft |
Microsoft Azure Open Management Infrastructure (OMI) |
Microsoft Azure Open Management Infrastructure (OMI)
Remote Code Execution |
11/3/2021 |
Azure Open Management Infrastructure Remote Code Execution
Vulnerability |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-38648 |
Microsoft |
Microsoft Azure Open Management Infrastructure (OMI) |
Microsoft Azure Open Management Infrastructure (OMI)
Elevation of Privilege Vulnerability |
11/3/2021 |
Open Management Infrastructure Elevation of Privilege
Vulnerability |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-38649 |
Microsoft |
Microsoft Azure Open Management Infrastructure (OMI) |
Microsoft Azure Open Management Infrastructure (OMI)
Elevation of Privilege Vulnerability |
11/3/2021 |
Open Management Infrastructure Elevation of Privilege
Vulnerability |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-40444 |
Microsoft |
Microsoft MSHTML |
Microsoft Windows, Server (spec. IE) All Arbitrary Code
Execution |
11/3/2021 |
Microsoft MSHTML Remote Code Execution Vulnerability |
Apply updates per vendor
instructions. |
11/17/2021 |
CVE-2021-40449 |
Microsoft |
Windows OS |
Microsoft Windows Win32k Elevation of Privilege |
11/17/2021 |
Unspecified vulnerability allows for an authenticated user
to escalate privileges. |
Apply updates per vendor
instructions. |
12/1/2021 |
CVE-2021-42292 |
Microsoft |
Office |
Microsoft Excel Security Feature Bypass |
11/17/2021 |
A security feature bypass vulnerability in Microsoft Excel
would allow a local user to perform arbitrary code execution. |
Apply updates per vendor
instructions. |
12/1/2021 |
CVE-2021-42321 |
Microsoft |
Exchange |
Microsoft Exchange Server Remote Code Execution |
11/17/2021 |
An authenticated attacker could leverage improper
validation in cmdlet arguments within Microsoft Exchange and perform remote
code execution. |
Apply updates per vendor
instructions. |
12/1/2021 |
CVE-2021-43890 |
Microsoft |
Windows AppX Installer |
Microsoft Windows AppX Installer Spoofing Vulnerability |
12/15/2021 |
Microsoft Windows AppX Installer contains a spoofing
vulnerability which has a high impact on confidentiality, integrity, and
availability. |
Apply updates per vendor
instructions. |
12/29/2021 |
CVE-2022-21882 |
Microsoft |
Win32k |
Microsoft Win32k Privilege Escalation Vulnerability |
2/4/2022 |
Microsoft Win32k contains an unspecified vulnerability
which allows for privilege escalation. |
Apply updates per vendor
instructions. |
2/18/2022 |