Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-31195

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-11 May, 2021 | 19:11
Updated At-28 Feb, 2025 | 19:57
Rejected At-
Credits

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:11 May, 2021 | 19:11
Updated At:28 Feb, 2025 | 19:57
Rejected At:
▼CVE Numbering Authority (CNA)
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Exchange Server 2016 Cumulative Update 19
CPEs
  • cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.01.0 before 15.01.2176.014 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Exchange Server 2019 Cumulative Update 8
CPEs
  • cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.02.0 before 15.02.0792.015 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Exchange Server 2019 Cumulative Update 9
CPEs
  • cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.02.0 before 15.02.0858.012 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Exchange Server 2016 Cumulative Update 20
CPEs
  • cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.01.0 before 15.01.2242.010 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Exchange Server 2013 Cumulative Update 23
CPEs
  • cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.00.0 before 15.00.1497.018 (custom)
Problem Types
TypeCWE IDDescription
ImpactN/ASpoofing
Type: Impact
CWE ID: N/A
Description: Spoofing
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31195
x_refsource_MISC
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31195
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31195
x_refsource_MISC
x_transferred
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31195
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-290CWE-290 Authentication Bypass by Spoofing
Type: CWE
CWE ID: CWE-290
Description: CWE-290 Authentication Bypass by Spoofing
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:11 May, 2021 | 19:15
Updated At:28 Feb, 2025 | 20:15

Microsoft Exchange Server Remote Code Execution Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Microsoft Corporation
microsoft
>>exchange_server>>2013
cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>exchange_server>>2016
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>exchange_server>>2016
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>exchange_server>>2019
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>exchange_server>>2019
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-290Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-290
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31195secure@microsoft.com
Patch
Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31195af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31195
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31195
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2698Records found
CVE-2024-28943
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.20% / 83.75%
||
7 Day CHG+0.57%
Published-09 Apr, 2024 | 17:01
Updated-03 May, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2022odbc_driver_for_sql_serversql_server_2019Microsoft SQL Server 2022 (GDR)Microsoft ODBC Driver 17 for SQL Server on LinuxMicrosoft SQL Server 2019 (CU 25)Microsoft ODBC Driver 17 for SQL Server on WindowsMicrosoft ODBC Driver 18 for SQL Server on MacOSMicrosoft ODBC Driver 18 for SQL Server on WindowsMicrosoft SQL Server 2022 for (CU 12)Microsoft ODBC Driver 18 for SQL Server on LinuxMicrosoft SQL Server 2019 (GDR)Microsoft ODBC Driver 17 for SQL Server on MacOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-28954
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.72%
||
7 Day CHG~0.00%
Published-21 Mar, 2021 | 04:16
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository.

Action-Not Available
Vendor-bit_projectn/aMicrosoft Corporation
Product-windowsbitn/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-28944
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.62% / 85.10%
||
7 Day CHG+0.67%
Published-09 Apr, 2024 | 17:01
Updated-03 May, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2022sql_server_2019ole_db_driver_for_sql_serverMicrosoft OLE DB Driver 19 for SQL ServerMicrosoft SQL Server 2019 (CU 25)Microsoft SQL Server 2022 (GDR)Microsoft OLE DB Driver 18 for SQL ServerMicrosoft SQL Server 2022 for (CU 12)Microsoft SQL Server 2019 (GDR)
CWE ID-CWE-197
Numeric Truncation Error
CVE-2024-28939
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.39% / 79.56%
||
7 Day CHG+0.42%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2022sql_server_2019ole_db_driver_for_sql_serverMicrosoft OLE DB Driver 19 for SQL ServerMicrosoft SQL Server 2019 (CU 25)Microsoft SQL Server 2022 (GDR)Microsoft OLE DB Driver 18 for SQL ServerMicrosoft SQL Server 2022 for (CU 12)Microsoft SQL Server 2019 (GDR)
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2024-28941
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.20% / 83.75%
||
7 Day CHG+0.57%
Published-09 Apr, 2024 | 17:01
Updated-03 May, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-odbc_driver_for_sql_serversql_server_2022sql_server_2019Microsoft SQL Server 2022 (GDR)Microsoft ODBC Driver 17 for SQL Server on LinuxMicrosoft SQL Server 2019 (CU 25)Microsoft ODBC Driver 17 for SQL Server on WindowsMicrosoft ODBC Driver 18 for SQL Server on MacOSMicrosoft ODBC Driver 18 for SQL Server on WindowsMicrosoft SQL Server 2022 for (CU 12)Microsoft ODBC Driver 18 for SQL Server on LinuxMicrosoft SQL Server 2019 (GDR)Microsoft ODBC Driver 17 for SQL Server on MacOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-28937
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.20% / 83.75%
||
7 Day CHG+0.57%
Published-09 Apr, 2024 | 17:01
Updated-03 May, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2019visual_studio_2022visual_studio_2019sql_server_2022odbc_driver_for_sql_serverMicrosoft SQL Server 2022 (GDR)Microsoft ODBC Driver 17 for SQL Server on LinuxMicrosoft SQL Server 2019 (CU 25)Microsoft ODBC Driver 17 for SQL Server on WindowsMicrosoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft ODBC Driver 18 for SQL Server on MacOSMicrosoft ODBC Driver 18 for SQL Server on WindowsMicrosoft SQL Server 2022 for (CU 12)Microsoft Visual Studio 2022 version 17.8Microsoft ODBC Driver 18 for SQL Server on LinuxMicrosoft Visual Studio 2022 version 17.4Microsoft SQL Server 2019 (GDR)Microsoft ODBC Driver 17 for SQL Server on MacOSMicrosoft Visual Studio 2022 version 17.9
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2019-0903
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-50.68% / 97.77%
||
7 Day CHG~0.00%
Published-16 May, 2019 | 18:17
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1709windows_server_2008windows_server_2012windows_10_1607windows_server_2019windows_10_1703windows_8.1windows_7windows_10_1903windows_10_1507windows_server_1903windows_10_1809windows_10_1803windows_rt_8.1windows_server_1803Windows 10 Version 1903 for x64-based SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindowsWindows ServerGraphics Device Interface (GDI)
CVE-2024-28928
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.64% / 81.22%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 17:02
Updated-05 May, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2022sql_server_2016sql_server_2019sql_server_2017Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2019 (GDR)Microsoft SQL Server 2022 for (CU 13)Microsoft SQL Server 2022 (GDR)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2017 (GDR)Microsoft SQL Server 2017 (CU 31)Microsoft SQL Server 2019 for x64-based Systems (CU 27)
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-28929
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.36% / 84.32%
||
7 Day CHG+1.06%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2019visual_studio_2022visual_studio_2019sql_server_2022odbc_driver_for_sql_serverMicrosoft SQL Server 2022 (GDR)Microsoft SQL Server 2019 (CU 25)Microsoft ODBC Driver 17 for SQL Server on LinuxMicrosoft ODBC Driver 17 for SQL Server on WindowsMicrosoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft ODBC Driver 18 for SQL Server on MacOSMicrosoft ODBC Driver 18 for SQL Server on WindowsMicrosoft SQL Server 2022 for (CU 12)Microsoft Visual Studio 2022 version 17.8Microsoft ODBC Driver 18 for SQL Server on LinuxMicrosoft Visual Studio 2022 version 17.4Microsoft SQL Server 2019 (GDR)Microsoft ODBC Driver 17 for SQL Server on MacOSMicrosoft Visual Studio 2022 version 17.9
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-28906
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.98% / 86.00%
||
7 Day CHG+1.34%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2019ole_db_driver_for_sql_serversql_server_2022Microsoft OLE DB Driver 19 for SQL ServerMicrosoft SQL Server 2022 (GDR)Microsoft SQL Server 2019 (CU 25)Microsoft SQL Server 2022 for (CU 12)Microsoft OLE DB Driver 18 for SQL ServerMicrosoft SQL Server 2019 (GDR)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-28945
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.78% / 81.96%
||
7 Day CHG+0.47%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2022sql_server_2019ole_db_driver_for_sql_serverMicrosoft OLE DB Driver 19 for SQL ServerMicrosoft SQL Server 2019 (CU 25)Microsoft SQL Server 2022 (GDR)Microsoft OLE DB Driver 18 for SQL ServerMicrosoft SQL Server 2022 for (CU 12)Microsoft SQL Server 2019 (GDR)
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2024-28909
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.98% / 86.00%
||
7 Day CHG+1.34%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2019ole_db_driver_for_sql_serversql_server_2022Microsoft OLE DB Driver 19 for SQL ServerMicrosoft SQL Server 2022 (GDR)Microsoft SQL Server 2019 (CU 25)Microsoft SQL Server 2022 for (CU 12)Microsoft OLE DB Driver 18 for SQL ServerMicrosoft SQL Server 2019 (GDR)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2009-0231
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-71.39% / 98.66%
||
7 Day CHG~0.00%
Published-15 Jul, 2009 | 15:00
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_vistawindows_2000windows_xpwindows_server_2003windows_server_2008n/a
CWE ID-CWE-681
Incorrect Conversion between Numeric Types
CVE-2024-28927
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.22% / 83.83%
||
7 Day CHG+0.57%
Published-09 Apr, 2024 | 17:01
Updated-03 May, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2022sql_server_2019ole_db_driver_for_sql_serverMicrosoft OLE DB Driver 19 for SQL ServerMicrosoft SQL Server 2019 (CU 25)Microsoft SQL Server 2022 (GDR)Microsoft OLE DB Driver 18 for SQL ServerMicrosoft SQL Server 2022 for (CU 12)Microsoft SQL Server 2019 (GDR)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-28933
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.82%
||
7 Day CHG+0.45%
Published-09 Apr, 2024 | 17:01
Updated-03 May, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2019visual_studio_2022visual_studio_2019sql_server_2022odbc_driver_for_sql_serverMicrosoft SQL Server 2019 (CU 25)Microsoft SQL Server 2022 (GDR)Microsoft ODBC Driver 17 for SQL Server on LinuxMicrosoft ODBC Driver 17 for SQL Server on WindowsMicrosoft Visual Studio 2022 version 17.8Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft ODBC Driver 18 for SQL Server on MacOSMicrosoft ODBC Driver 18 for SQL Server on WindowsMicrosoft SQL Server 2022 for (CU 12)Microsoft Visual Studio 2022 version 17.9Microsoft ODBC Driver 18 for SQL Server on LinuxMicrosoft Visual Studio 2022 version 17.4Microsoft SQL Server 2019 (GDR)Microsoft ODBC Driver 17 for SQL Server on MacOSMicrosoft Visual Studio 2022 version 17.6
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2024-28912
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.23% / 83.88%
||
7 Day CHG+0.59%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2019ole_db_driver_for_sql_serversql_server_2022Microsoft OLE DB Driver 19 for SQL ServerMicrosoft SQL Server 2022 (GDR)Microsoft SQL Server 2019 (CU 25)Microsoft SQL Server 2022 for (CU 12)Microsoft OLE DB Driver 18 for SQL ServerMicrosoft SQL Server 2019 (GDR)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-28911
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.23% / 83.88%
||
7 Day CHG+0.59%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2019ole_db_driver_for_sql_serversql_server_2022Microsoft OLE DB Driver 19 for SQL ServerMicrosoft SQL Server 2019 (CU 25)Microsoft SQL Server 2022 (GDR)Microsoft OLE DB Driver 18 for SQL ServerMicrosoft SQL Server 2022 for (CU 12)Microsoft SQL Server 2019 (GDR)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-28931
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.85% / 82.29%
||
7 Day CHG+0.56%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2019visual_studio_2022visual_studio_2019sql_server_2022odbc_driver_for_sql_serverMicrosoft SQL Server 2019 (CU 25)Microsoft SQL Server 2022 (GDR)Microsoft ODBC Driver 17 for SQL Server on LinuxMicrosoft ODBC Driver 17 for SQL Server on WindowsMicrosoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft ODBC Driver 18 for SQL Server on MacOSMicrosoft ODBC Driver 18 for SQL Server on WindowsMicrosoft SQL Server 2022 for (CU 12)Microsoft Visual Studio 2022 version 17.8Microsoft ODBC Driver 18 for SQL Server on LinuxMicrosoft Visual Studio 2022 version 17.4Microsoft SQL Server 2019 (GDR)Microsoft ODBC Driver 17 for SQL Server on MacOSMicrosoft Visual Studio 2022 version 17.9
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-29888
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.94%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 16:00
Updated-16 Sep, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 207123.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-28910
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-3.45% / 87.05%
||
7 Day CHG+1.54%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2019ole_db_driver_for_sql_serversql_server_2022Microsoft OLE DB Driver 19 for SQL ServerMicrosoft SQL Server 2019 (CU 25)Microsoft SQL Server 2022 (GDR)Microsoft OLE DB Driver 18 for SQL ServerMicrosoft SQL Server 2022 for (CU 12)Microsoft SQL Server 2019 (GDR)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-8010
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.09% / 26.19%
||
7 Day CHG~0.00%
Published-22 Jul, 2025 | 21:11
Updated-28 Aug, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Linux Kernel Organization, IncGoogle LLC
Product-windowsmacoschromelinux_kernelChrome
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2018-4361
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.70% / 71.16%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchostvossafariwindowsicloudiOS, tvOS, watchOS, Safari, iTunes for Windows, iCloud for Windows
CVE-2021-28602
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-4.85% / 89.13%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 17:57
Updated-23 Apr, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe After Effects Memory corruption could lead to code execution vulnerability

Adobe After Effects version 18.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsafter_effectsAfter Effects
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-28475
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.99% / 86.03%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code
CVE-2021-28452
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.73% / 71.78%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Outlook Memory Corruption Vulnerability

Microsoft Outlook Memory Corruption Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsoutlookofficeMicrosoft 365 Apps for EnterpriseMicrosoft Outlook 2010 Service Pack 2Microsoft Outlook 2013 Service Pack 1Microsoft Outlook 2016Microsoft Office 2019
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-28926
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-2.22% / 83.83%
||
7 Day CHG+0.57%
Published-09 Apr, 2024 | 17:01
Updated-03 May, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2022sql_server_2019ole_db_driver_for_sql_serverMicrosoft OLE DB Driver 19 for SQL ServerMicrosoft SQL Server 2022 (GDR)Microsoft SQL Server 2019 (CU 25)Microsoft SQL Server 2022 for (CU 12)Microsoft OLE DB Driver 18 for SQL ServerMicrosoft SQL Server 2019 (GDR)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-28915
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-3.00% / 86.07%
||
7 Day CHG+0.79%
Published-09 Apr, 2024 | 17:00
Updated-03 May, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2019ole_db_driver_for_sql_serversql_server_2022Microsoft OLE DB Driver 19 for SQL ServerMicrosoft SQL Server 2019 (CU 25)Microsoft SQL Server 2022 (GDR)Microsoft OLE DB Driver 18 for SQL ServerMicrosoft SQL Server 2022 for (CU 12)Microsoft SQL Server 2019 (GDR)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-28632
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-43.41% / 97.42%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 17:50
Updated-16 Sep, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-13471: Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2021-28629
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-4.38% / 88.54%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:16
Updated-16 Sep, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate heap corruption vulnerability could lead to arbitrary code execution

Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsanimateAnimate
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-28549
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-4.34% / 88.49%
||
7 Day CHG~0.00%
Published-15 Apr, 2021 | 13:53
Updated-23 Apr, 2025 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Photoshop parsing JS buffer overflow vulnerability could lead to arbitrary code execution

Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsphotoshopmacosPhotoshop
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28562
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-28.24% / 96.33%
||
7 Day CHG~0.00%
Published-28 Jun, 2021 | 13:45
Updated-16 Sep, 2024 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader use-after-free could lead to arbitrary code execution

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability when executing search queries through Javascript. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcmacoswindowsacrobat_reader_dcAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2021-28561
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-8.03% / 91.77%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 16:09
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader memory corruption vulnerability could lead to remote code execution

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-28631
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-43.41% / 97.42%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 17:51
Updated-16 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2021-28449
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-3.57% / 87.27%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-excel365_appsofficeMicrosoft Excel 2016Microsoft 365 Apps for EnterpriseMicrosoft Excel 2013 Service Pack 1Microsoft Office 2016Microsoft Excel 2010 Service Pack 2Microsoft Office 2010 Service Pack 2Microsoft Office 2013 Service Pack 1Microsoft Office 2019
CVE-2021-28465
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-4.26% / 88.37%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Web Media Extensions Remote Code Execution Vulnerability

Web Media Extensions Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-web_media_extensionsWeb Media Extensions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-28554
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-33.25% / 96.76%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 17:50
Updated-16 Sep, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC Path Parsing Out-Of-Bounds Read could lead to arbitrary code execution

Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-1217
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.33%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 21:42
Updated-15 Oct, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLCMicrosoft Corporation
Product-chromewindowsChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-28469
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.99% / 86.03%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code
CVE-2021-28470
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-4.00% / 87.99%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability

Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_code_github_pull_requests_and_issuesVisual Studio Code - GitHub Pull Requests and Issues Extension
CVE-2021-28552
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-8.88% / 92.22%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 17:50
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC XFA Template Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2021-28591
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-6.40% / 90.65%
||
7 Day CHG~0.00%
Published-20 Aug, 2021 | 18:09
Updated-23 Apr, 2025 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Illustrator version 25.2.3 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsillustratorIllustrator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-28565
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-11.80% / 93.46%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 16:08
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader out-of-bounds read could lead to information exposure

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-28453
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.41% / 84.48%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Word Remote Code Execution Vulnerability

Microsoft Word Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_web_appsoffice_online_serverofficewordsharepoint_serveroffice_web_apps_server365_appsMicrosoft 365 Apps for EnterpriseMicrosoft Word 2016Microsoft Word 2010 Service Pack 2Microsoft Office Online ServerMicrosoft Word 2013 Service Pack 1 Microsoft SharePoint Server 2019Microsoft SharePoint Server 2010 Service Pack 2Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft Office Web Apps 2010 Service Pack 2Microsoft SharePoint Enterprise Server 2016Microsoft Office 2010 Service Pack 2Microsoft Word 2013 Service Pack 1Microsoft Office Web Apps Server 2013 Service Pack 1Microsoft Office 2019Microsoft Office 2019 for Mac
CVE-2021-28468
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-3.52% / 87.18%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Raw Image Extension Remote Code Execution Vulnerability

Raw Image Extension Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-raw_image_extensionRaw Image Extension
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2021-28620
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.44% / 84.57%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:15
Updated-23 Apr, 2025 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate heap corruption vulnerability could lead to arbitrary code execution

Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsanimateAnimate
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-28458
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.91% / 85.84%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:33
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability

Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-ms-rest-nodeauth@azure/ms-rest-nodeauth
CVE-2024-25575
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-2.64% / 85.16%
||
7 Day CHG~0.00%
Published-30 Apr, 2024 | 14:38
Updated-22 Aug, 2025 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

Action-Not Available
Vendor-Apple Inc.Foxit Software IncorporatedMicrosoft Corporation
Product-macospdf_readerpdf_editorwindowsFoxit Readerfoxit_reader
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2021-28630
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-0.44% / 62.37%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:16
Updated-16 Sep, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate FLA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose potential sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsanimateAnimate
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-28622
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.71% / 85.34%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:16
Updated-17 Sep, 2024 | 01:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsanimateAnimate
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0932
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.31% / 53.53%
||
7 Day CHG~0.00%
Published-22 Feb, 2023 | 19:54
Updated-13 Feb, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-chromewindowsChromechrome
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 53
  • 54
  • Next
Details not found