cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-49105,https://securityvulnerability.io/vulnerability/CVE-2024-49105,Remote Desktop Client Remote Code Execution Vulnerability,"This vulnerability in the Microsoft Remote Desktop Client allows attackers to execute arbitrary code remotely on the affected systems. When exploited, it could enable an unauthorized user to gain control over the system, posing a severe risk to the integrity and confidentiality of user data. Users of the Remote Desktop Client are strongly advised to apply any available security updates and take precautions to secure their environments against potential exploitation.",Microsoft,"Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Remote Desktop Client For Windows Desktop,Windows Server 2022,Windows 10 Version 21h2,Windows 11 Version 22h2,Windows 10 Version 22h2,Windows Server 2025 (server Core Installation),Windows 11 Version 22h3,Windows 11 Version 23h2,Windows Server 2022, 23h2 Edition (server Core Installation),Windows 11 Version 24h2,Windows Server 2025,Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows Server 2008 R2 Service Pack 1,Windows Server 2008 R2 Service Pack 1 (server Core Installation),Windows Server 2012,Windows Server 2012 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation),Windows App Client For Windows Desktop",8.4,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-12-12T02:04:00.000Z,0
CVE-2024-38177,https://securityvulnerability.io/vulnerability/CVE-2024-38177,Windows App Installer Spoofing Vulnerability Allows Elevation of Privilege,The vulnerability in the Windows App Installer allows an attacker to potentially spoof application identities by manipulating how the installer identifies its source. This could enable the execution of malicious applications under the guise of trusted applications. Users should be aware of the risks associated with downloading applications from unverified sources and ensure their systems are updated to the latest versions to mitigate this risk.,Microsoft,App Installer,7.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-08-13T17:30:28.629Z,0
CVE-2022-26934,https://securityvulnerability.io/vulnerability/CVE-2022-26934,Windows Graphics Component Information Disclosure Vulnerability,Windows Graphics Component Information Disclosure Vulnerability,Microsoft,"Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows 10 Version 1909,Windows 10 Version 21h1,Windows Server 2022,Windows 10 Version 20h2,Windows Server Version 20h2,Windows 11 Version 21h2,Windows 10 Version 21h2,Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows 7,Windows 7 Service Pack 1,Windows 8.1,Windows Server 2008 Service Pack 2,Windows Server 2008 Service Pack 2 (server Core Installation),Windows Server 2008 Service Pack 2,Windows Server 2008 R2 Service Pack 1,Windows Server 2008 R2 Service Pack 1 (server Core Installation),Windows Server 2012,Windows Server 2012 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation),Microsoft Office 2019 For Mac,Microsoft 365 Apps For Enterprise,Microsoft Office Ltsc For Mac 2021",6.5,MEDIUM,0.016049999743700027,false,false,false,false,,false,false,2022-05-10T20:33:52.000Z,0
CVE-2021-43890,https://securityvulnerability.io/vulnerability/CVE-2021-43890,Windows AppX Installer Spoofing Vulnerability,"We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader. An attacker could craft a malicious attachment to be used in phishing campaigns. The attacker would then have to convince the user to open the specially crafted attachment. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Please see the Security Updates table for the link to the updated app. Alternatively you can download and install the Installer using the links provided in the FAQ section. Please see the Mitigations and Workaround sections for important information about steps you can take to protect your system from this vulnerability. December 27 2023 Update: In recent months, Microsoft Threat Intelligence has seen an increase in activity from threat actors leveraging social engineering and phishing techniques to target Windows OS users and utilizing the ms-appinstaller URI scheme. To address this increase in activity, we have updated the App Installer to disable the ms-appinstaller protocol by default and recommend other potential mitigations.",Microsoft,App Installer,7.1,HIGH,0.3200100064277649,true,false,false,true,,false,false,2021-12-15T14:15:35.000Z,0
CVE-2021-40454,https://securityvulnerability.io/vulnerability/CVE-2021-40454,Rich Text Edit Control Information Disclosure Vulnerability,Rich Text Edit Control Information Disclosure Vulnerability,Microsoft,"Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows 10 Version 1909,Windows 10 Version 21h1,Windows Server 2022,Windows 10 Version 2004,Windows Server Version 2004,Windows 10 Version 20h2,Windows Server Version 20h2,Windows 11 Version 21h2,Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows 8.1,Windows Server 2012,Windows Server 2012 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation),Microsoft Office 2019,Microsoft Office 2019 For Mac,Microsoft 365 Apps For Enterprise,Microsoft Office 2016,Microsoft Office 2013 Service Pack 1,Microsoft Office Ltsc 2021,Microsoft Office Ltsc For Mac 2021",5.5,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2021-10-13T00:26:50.000Z,0
CVE-2021-28455,https://securityvulnerability.io/vulnerability/CVE-2021-28455,Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability,Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability,Microsoft,"Microsoft Access 2013 Service Pack 1 (32-bit Editions),Microsoft Access 2013 Service Pack 1 (64-bit Editions),Microsoft Office 2019,Microsoft 365 Apps For Enterprise,Microsoft Office 2016,Microsoft Access 2016 (32-bit Edition),Microsoft Access 2016 (64-bit Edition),Microsoft Office 2013 Service Pack 1,Windows 10 Version 1803,Windows 10 Version 1809,Windows Server 2019,Windows Server 2019 (server Core Installation),Windows 10 Version 1909,Windows Server, Version 1909 (server Core Installation),Windows 10 Version 2004,Windows Server Version 2004,Windows 10 Version 20h2,Windows Server Version 20h2,Windows 10 Version 1507,Windows 10 Version 1607,Windows Server 2016,Windows Server 2016 (server Core Installation),Windows 7,Windows 7 Service Pack 1,Windows 8.1,Windows Server 2008 Service Pack 2,Windows Server 2008 Service Pack 2 (server Core Installation),Windows Server 2008 Service Pack 2,Windows Server 2008 R2 Service Pack 1,Windows Server 2008 R2 Service Pack 1 (server Core Installation),Windows Server 2012,Windows Server 2012 (server Core Installation),Windows Server 2012 R2,Windows Server 2012 R2 (server Core Installation)",8.8,HIGH,0.01874000020325184,false,false,false,false,,false,false,2021-05-11T19:11:14.000Z,0