CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft : Security Vulnerabilities (Bypass)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-34709 Bypass 2022-08-09 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
Windows Defender Credential Guard Security Feature Bypass Vulnerability.
2 CVE-2022-33649 Bypass 2022-08-09 2022-08-11
0.0
None ??? ??? ??? ??? ??? ???
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability.
3 CVE-2022-33632 863 Bypass 2022-07-12 2022-07-20
4.6
None Remote High ??? Partial Partial Partial
Microsoft Office Security Feature Bypass Vulnerability.
4 CVE-2022-33631 Bypass 2022-08-09 2022-08-11
0.0
None ??? ??? ??? ??? ??? ???
Microsoft Excel Security Feature Bypass Vulnerability.
5 CVE-2022-30203 Bypass 2022-07-12 2022-07-20
4.6
None Local Low Not required Partial Partial Partial
Windows Boot Manager Security Feature Bypass Vulnerability.
6 CVE-2022-30164 863 Bypass 2022-06-15 2022-07-07
4.6
None Local Low Not required Partial Partial Partial
Kerberos AppContainer Security Feature Bypass Vulnerability.
7 CVE-2022-29246 120 Exec Code Overflow Bypass 2022-05-24 2022-06-07
7.5
None Remote Low Not required Partial Partial Partial
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Prior to version 6.1.11, he USBX DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of `ux_device_class_dfu_control_request` function does not assure that a buffer overflow will not occur during handling of the DFU UPLOAD command. When an attacker issues the `UX_SLAVE_CLASS_DFU_COMMAND_UPLOAD` control transfer request with `wLenght` larger than the buffer size (`UX_SLAVE_REQUEST_CONTROL_MAX_LENGTH`, 256 bytes), depending on the actual implementation of `dfu -> ux_slave_class_dfu_read`, a buffer overflow may occur. In example `ux_slave_class_dfu_read` may read 4096 bytes (or more up to 65k) to a 256 byte buffer ultimately resulting in an overflow. Furthermore in case an attacker has some control over the read flash memory, this may result in execution of arbitrary code and platform compromise. A fix for this issue has been included in USBX release 6.1.11. As a workaround, align request and buffer size to assure that buffer boundaries are respected.
8 CVE-2022-29127 Bypass 2022-05-10 2022-05-23
1.9
None Local Medium Not required Partial None None
BitLocker Security Feature Bypass Vulnerability.
9 CVE-2022-29107 863 Bypass 2022-05-10 2022-05-19
4.3
None Remote Medium Not required Partial None None
Microsoft Office Security Feature Bypass Vulnerability.
10 CVE-2022-26913 863 Bypass 2022-05-10 2022-05-23
5.8
None Remote Medium Not required Partial Partial None
Windows Authentication Security Feature Bypass Vulnerability.
11 CVE-2022-24502 Bypass 2022-03-09 2022-05-23
4.3
None Remote Medium Not required Partial None None
Windows HTML Platforms Security Feature Bypass Vulnerability.
12 CVE-2022-24466 863 Bypass 2022-05-10 2022-05-26
2.3
None Local Network Medium ??? None Partial None
Windows Hyper-V Security Feature Bypass Vulnerability.
13 CVE-2022-24465 Bypass 2022-03-09 2022-03-14
2.1
None Local Low Not required Partial None None
Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability.
14 CVE-2022-24462 Bypass 2022-03-09 2022-03-14
4.3
None Remote Medium Not required None Partial None
Microsoft Word Security Feature Bypass Vulnerability.
15 CVE-2022-23280 Bypass 2022-02-09 2022-02-14
5.0
None Remote Low Not required Partial None None
Microsoft Outlook for Mac Security Feature Bypass Vulnerability.
16 CVE-2022-23255 863 Bypass 2022-02-09 2022-02-15
4.6
None Local Low Not required Partial Partial Partial
Microsoft OneDrive for Android Security Feature Bypass Vulnerability.
17 CVE-2022-22048 863 Bypass 2022-07-12 2022-07-19
6.6
None Local Low Not required Complete Complete None
BitLocker Security Feature Bypass Vulnerability.
18 CVE-2022-22023 Bypass 2022-07-12 2022-07-16
6.9
None Local Medium Not required Complete Complete Complete
Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability.
19 CVE-2022-21968 287 Bypass 2022-02-09 2022-02-14
4.0
None Remote Low ??? Partial None None
Microsoft SharePoint Server Security Feature BypassVulnerability.
20 CVE-2022-21925 Bypass 2022-01-11 2022-01-21
5.4
None Remote High Not required Complete None None
Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability.
21 CVE-2022-21924 Bypass 2022-01-11 2022-05-23
5.4
None Remote High Not required Complete None None
Workstation Service Remote Protocol Security Feature Bypass Vulnerability.
22 CVE-2022-21921 Bypass 2022-01-11 2022-05-23
4.9
None Local Low Not required Complete None None
Windows Defender Credential Guard Security Feature Bypass Vulnerability.
23 CVE-2022-21913 863 Bypass 2022-01-11 2022-05-23
5.0
None Remote Low Not required Partial None None
Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass.
24 CVE-2022-21906 Bypass 2022-01-11 2022-08-10
2.1
None Local Low Not required None Partial None
Windows Defender Application Control Security Feature Bypass Vulnerability.
25 CVE-2022-21905 Bypass 2022-01-11 2022-05-23
4.9
None Local Network Medium ??? Partial Partial Partial
Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-21900.
26 CVE-2022-21900 Bypass 2022-01-11 2022-05-23
3.8
None Local Network Medium ??? None Partial Partial
Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-21905.
27 CVE-2022-21899 863 Bypass 2022-01-11 2022-01-19
4.9
None Local Low Not required None None Complete
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability.
28 CVE-2022-21894 Bypass 2022-01-11 2022-05-23
4.9
None Local Low Not required None Complete None
Secure Boot Security Feature Bypass Vulnerability.
29 CVE-2021-42292 Bypass 2021-11-10 2022-07-12
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Excel Security Feature Bypass Vulnerability
30 CVE-2021-42288 Bypass 2021-11-10 2022-07-12
3.6
None Local Low Not required Partial Partial None
Windows Hello Security Feature Bypass Vulnerability
31 CVE-2021-41363 Bypass 2021-10-13 2021-10-19
4.4
None Local Medium Not required Partial Partial Partial
Intune Management Extension Security Feature Bypass Vulnerability
32 CVE-2021-41346 Bypass 2021-10-13 2021-10-19
4.6
None Local Low Not required Partial Partial Partial
Console Window Host Security Feature Bypass Vulnerability
33 CVE-2021-41338 Bypass 2021-10-13 2021-10-19
2.1
None Local Low Not required None Partial None
Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
34 CVE-2021-41337 Bypass 2021-10-13 2021-10-19
4.0
None Remote Low ??? None Partial None
Active Directory Security Feature Bypass Vulnerability
35 CVE-2021-40460 Bypass 2021-10-13 2022-05-23
4.0
None Remote Low ??? None Partial None
Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability
36 CVE-2021-40456 Bypass 2021-10-13 2022-05-23
5.0
None Remote Low Not required Partial None None
Windows AD FS Security Feature Bypass Vulnerability
37 CVE-2021-38632 Bypass 2021-09-15 2021-09-27
2.1
None Local Low Not required Partial None None
BitLocker Security Feature Bypass Vulnerability
38 CVE-2021-38624 639 Bypass 2021-09-15 2021-09-27
4.0
None Remote Low ??? None Partial None
Windows Key Storage Provider Security Feature Bypass Vulnerability
39 CVE-2021-36949 287 Bypass 2021-08-12 2021-08-20
4.9
None Local Network Medium ??? Partial Partial Partial
Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability
40 CVE-2021-34469 Bypass 2021-07-14 2022-07-12
5.8
None Remote Medium Not required Partial Partial None
Microsoft Office Security Feature Bypass Vulnerability
41 CVE-2021-34466 290 Bypass 2021-07-16 2022-07-12
3.6
None Local Low Not required Partial Partial None
Windows Hello Security Feature Bypass Vulnerability
42 CVE-2021-34446 Bypass 2021-07-16 2021-07-22
6.8
None Remote Medium Not required Partial Partial Partial
Windows HTML Platforms Security Feature Bypass Vulnerability
43 CVE-2021-33786 Bypass 2021-07-14 2022-07-12
6.5
None Remote Low ??? Partial Partial Partial
Windows LSA Security Feature Bypass Vulnerability
44 CVE-2021-33781 Bypass 2021-07-14 2021-07-17
5.5
None Remote Low ??? Partial Partial None
Azure AD Security Feature Bypass Vulnerability
45 CVE-2021-33779 Bypass 2021-07-14 2021-07-17
5.5
None Remote Low ??? Partial Partial None
Windows ADFS Security Feature Bypass Vulnerability
46 CVE-2021-33757 Bypass 2021-07-14 2021-07-17
7.5
None Remote Low Not required Partial Partial Partial
Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability
47 CVE-2021-33744 Bypass 2021-07-14 2022-05-03
7.2
None Local Low Not required Complete Complete Complete
Windows Secure Kernel Mode Security Feature Bypass Vulnerability
48 CVE-2021-31971 Bypass 2021-06-08 2021-06-11
6.8
None Remote Medium Not required Partial Partial Partial
Windows HTML Platform Security Feature Bypass Vulnerability
49 CVE-2021-31970 Bypass 2021-06-08 2021-09-13
2.1
None Local Low Not required None None Partial
Windows TCP/IP Driver Security Feature Bypass Vulnerability
50 CVE-2021-31962 Bypass 2021-06-08 2022-05-27
7.5
None Remote Low Not required Partial Partial Partial
Kerberos AppContainer Security Feature Bypass Vulnerability
Total number of vulnerabilities : 523   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.