| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-33658 |
|
|
|
2022-07-12 |
2022-09-22 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30181, CVE-2022-33641, CVE-2022-33642, CVE-2022-33643, CVE-2022-33650, CVE-2022-33651, CVE-2022-33652, CVE-2022-33653, CVE-2022-33654, CVE-2022-33655, CVE-2022-33656, CVE-2022-33657, CVE-2022-33659, CVE-2022-33660, CVE-2022-33661, CVE-2022-33662, CVE-2022-33663, CVE-2022-33664, CVE-2022-33665, CVE-2022-33666, CVE-2022-33667, CVE-2022-33668, CVE-2022-33669, CVE-2022-33671, CVE-2022-33672, CVE-2022-33673, CVE-2022-33674, CVE-2022-33675, CVE-2022-33677. |
|
2 |
CVE-2022-33652 |
|
|
|
2022-07-12 |
2022-09-22 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30181, CVE-2022-33641, CVE-2022-33642, CVE-2022-33643, CVE-2022-33650, CVE-2022-33651, CVE-2022-33653, CVE-2022-33654, CVE-2022-33655, CVE-2022-33656, CVE-2022-33657, CVE-2022-33658, CVE-2022-33659, CVE-2022-33660, CVE-2022-33661, CVE-2022-33662, CVE-2022-33663, CVE-2022-33664, CVE-2022-33665, CVE-2022-33666, CVE-2022-33667, CVE-2022-33668, CVE-2022-33669, CVE-2022-33671, CVE-2022-33672, CVE-2022-33673, CVE-2022-33674, CVE-2022-33675, CVE-2022-33677. |
|
3 |
CVE-2022-30226 |
269 |
|
|
2022-07-12 |
2022-07-20 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22022, CVE-2022-22041, CVE-2022-30206. |
|
4 |
CVE-2022-30225 |
269 |
|
|
2022-07-12 |
2022-07-20 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability. |
|
5 |
CVE-2022-29121 |
400 |
|
DoS |
2022-05-10 |
2022-05-25 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
Windows WLAN AutoConfig Service Denial of Service Vulnerability. |
|
6 |
CVE-2022-26935 |
668 |
|
|
2022-05-10 |
2022-05-19 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
Windows WLAN AutoConfig Service Information Disclosure Vulnerability. |
|
7 |
CVE-2022-24472 |
|
|
|
2022-04-15 |
2022-10-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Microsoft SharePoint Server Spoofing Vulnerability. |
|
8 |
CVE-2022-22711 |
668 |
|
|
2022-07-12 |
2022-09-27 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
Windows BitLocker Information Disclosure Vulnerability. |
|
9 |
CVE-2022-22022 |
|
|
|
2022-07-12 |
2022-07-16 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22041, CVE-2022-30206, CVE-2022-30226. |
|
10 |
CVE-2022-21997 |
269 |
|
|
2022-02-09 |
2022-05-23 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21999, CVE-2022-22717, CVE-2022-22718. |
|
11 |
CVE-2022-21932 |
79 |
|
XSS |
2022-01-11 |
2022-01-20 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability. |
|
12 |
CVE-2022-21900 |
|
|
Bypass |
2022-01-11 |
2022-05-23 |
3.8 |
None |
Local Network |
Medium |
??? |
None |
Partial |
Partial |
|
Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-21905. |
|
13 |
CVE-2021-43880 |
|
|
|
2021-12-15 |
2022-07-12 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Windows Mobile Device Management Elevation of Privilege Vulnerability |
|
14 |
CVE-2021-43242 |
|
|
|
2021-12-15 |
2022-07-12 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-42320. |
|
15 |
CVE-2021-42320 |
290 |
|
|
2021-12-15 |
2022-02-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-43242. |
|
16 |
CVE-2021-42288 |
|
|
Bypass |
2021-11-10 |
2022-07-12 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Windows Hello Security Feature Bypass Vulnerability |
|
17 |
CVE-2021-41361 |
|
|
|
2021-10-13 |
2021-10-19 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Active Directory Federation Server Spoofing Vulnerability |
|
18 |
CVE-2021-41354 |
79 |
|
XSS |
2021-10-13 |
2021-10-19 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
|
19 |
CVE-2021-41353 |
|
|
|
2021-10-13 |
2021-10-19 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability |
|
20 |
CVE-2021-40484 |
|
|
|
2021-10-13 |
2021-10-19 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-40483. |
|
21 |
CVE-2021-40483 |
|
|
|
2021-10-13 |
2021-10-19 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-40484. |
|
22 |
CVE-2021-40440 |
79 |
|
XSS |
2021-09-15 |
2021-09-24 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability |
|
23 |
CVE-2021-38652 |
|
|
|
2021-09-15 |
2021-09-27 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-38651. |
|
24 |
CVE-2021-38651 |
|
|
|
2021-09-15 |
2021-09-27 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-38652. |
|
25 |
CVE-2021-36961 |
|
|
DoS |
2021-09-15 |
2021-09-24 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Windows Installer Denial of Service Vulnerability |
|
26 |
CVE-2021-36950 |
79 |
|
XSS |
2021-08-12 |
2021-08-20 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
|
27 |
CVE-2021-36946 |
79 |
|
XSS |
2021-08-12 |
2021-08-20 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability |
|
28 |
CVE-2021-34466 |
290 |
|
Bypass |
2021-07-16 |
2022-07-12 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Windows Hello Security Feature Bypass Vulnerability |
|
29 |
CVE-2021-33850 |
79 |
|
XSS |
2021-11-19 |
2021-11-23 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
There is a Cross-Site Scripting vulnerability in Microsoft Clarity version 0.3. The XSS payload executes whenever the user changes the clarity configuration in Microsoft Clarity version 0.3. The payload is stored on the configuring project Id page. |
|
30 |
CVE-2021-31961 |
269 |
|
|
2021-07-14 |
2021-09-20 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Windows InstallService Elevation of Privilege Vulnerability |
|
31 |
CVE-2021-28461 |
79 |
|
XSS |
2021-05-11 |
2021-05-17 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Dynamics Finance and Operations Cross-site Scripting Vulnerability |
|
32 |
CVE-2021-28326 |
|
|
DoS |
2021-04-13 |
2021-06-04 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Windows AppX Deployment Server Denial of Service Vulnerability |
|
33 |
CVE-2021-26886 |
|
|
DoS |
2021-03-11 |
2021-03-23 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
User Profile Service Denial of Service Vulnerability |
|
34 |
CVE-2021-26866 |
59 |
|
|
2021-03-11 |
2022-05-03 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Windows Update Service Elevation of Privilege Vulnerability |
|
35 |
CVE-2021-24114 |
200 |
|
+Info |
2021-02-25 |
2021-03-03 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
Microsoft Teams iOS Information Disclosure Vulnerability |
|
36 |
CVE-2021-24075 |
|
|
DoS |
2021-02-25 |
2021-03-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
Windows Network File System Denial of Service Vulnerability |
|
37 |
CVE-2021-1708 |
|
|
|
2021-01-12 |
2021-01-20 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
Windows GDI+ Information Disclosure Vulnerability |
|
38 |
CVE-2020-26233 |
706 |
|
|
2020-12-08 |
2021-02-18 |
3.6 |
None |
Remote |
High |
??? |
Partial |
Partial |
None |
|
Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, Git will first clone the top-level repository and then recursively clone all submodules by starting new Git processes from the top-level working directory. If a malicious git.exe executable is present in the top-level repository then this binary will be started by Git Credential Manager Core when attempting to read configuration, and not git.exe as found on the %PATH%. This only affects GCM Core on Windows, not macOS or Linux-based distributions. GCM Core version 2.0.289 contains the fix for this vulnerability, and is available from the project's GitHub releases page. GCM Core 2.0.289 is also bundled in the latest Git for Windows release; version 2.29.2(3). As a workaround, users should avoid recursively cloning untrusted repositories with the --recurse-submodules option. |
|
39 |
CVE-2020-17147 |
79 |
|
XSS |
2020-12-10 |
2021-03-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Dynamics CRM Webclient Cross-site Scripting Vulnerability |
|
40 |
CVE-2020-17083 |
79 |
|
Exec Code XSS |
2020-11-11 |
2020-11-17 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17084. |
|
41 |
CVE-2020-17021 |
79 |
|
XSS |
2020-11-11 |
2020-11-16 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability This CVE ID is unique from CVE-2020-17005, CVE-2020-17006, CVE-2020-17018. |
|
42 |
CVE-2020-17018 |
79 |
|
XSS |
2020-11-11 |
2020-11-16 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability This CVE ID is unique from CVE-2020-17005, CVE-2020-17006, CVE-2020-17021. |
|
43 |
CVE-2020-17006 |
79 |
|
XSS |
2020-11-11 |
2020-11-16 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability This CVE ID is unique from CVE-2020-17005, CVE-2020-17018, CVE-2020-17021. |
|
44 |
CVE-2020-17005 |
79 |
|
XSS |
2020-11-11 |
2020-11-16 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability This CVE ID is unique from CVE-2020-17006, CVE-2020-17018, CVE-2020-17021. |
|
45 |
CVE-2020-16978 |
79 |
|
XSS |
2020-10-16 |
2020-10-20 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16956. |
|
46 |
CVE-2020-16956 |
79 |
|
XSS |
2020-10-16 |
2020-10-20 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16978. |
|
47 |
CVE-2020-16946 |
79 |
|
XSS |
2020-10-16 |
2020-10-20 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-16945. |
|
48 |
CVE-2020-16945 |
79 |
|
XSS |
2020-10-16 |
2020-10-20 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-16946. |
|
49 |
CVE-2020-16944 |
79 |
|
XSS |
2020-10-16 |
2020-10-20 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. |
|
50 |
CVE-2020-16943 |
863 |
|
|
2020-10-16 |
2021-07-21 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
Partial |
None |
|
An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Commerce, aka 'Dynamics 365 Commerce Elevation of Privilege Vulnerability'. |
