KB5001342: Windows 10 version 1809 / Windows Server 2019 Security Update (Apr 2021)

2021-04-13T00:00:00

Description

The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Win32k Elevation of Privilege Vulnerability (CVE-2021-27072, CVE-2021-28310) - Windows Media Photo Codec Information Disclosure Vulnerability (CVE-2021-27079) - Windows Event Tracing Elevation of Privilege Vulnerability (CVE-2021-27088) - Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089) - Azure AD Web Sign-in Security Feature Bypass Vulnerability (CVE-2021-27092) - Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309) - Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability (CVE-2021-27094, CVE-2021-28447) - Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315) - NTFS Elevation of Privilege Vulnerability (CVE-2021-27096) - Windows Installer Spoofing Vulnerability (CVE-2021-26413) - Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440) - Windows Hyper-V Denial of Service Vulnerability (CVE-2021-26416) - Windows Overlay Filter Information Disclosure Vulnerability (CVE-2021-26417) - Windows Application Compatibility Cache Denial of Service Vulnerability (CVE-2021-28311) - Windows NTFS Denial of Service Vulnerability (CVE-2021-28312) - Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability (CVE-2021-28313, CVE-2021-28321, CVE-2021-28322) - Windows Hyper-V Elevation of Privilege Vulnerability (CVE-2021-28314) - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability (CVE-2021-28316) - Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317) - Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318) - Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28319, CVE-2021-28439) - Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability (CVE-2021-28320) - Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328) - Windows SMB Information Disclosure Vulnerability (CVE-2021-28325) - Windows AppX Deployment Server Denial of Service Vulnerability (CVE-2021-28326) - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434) - Windows Speech Runtime Elevation of Privilege Vulnerability (CVE-2021-28347, CVE-2021-28351, CVE-2021-28436) - Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350) - Windows Event Tracing Information Disclosure Vulnerability (CVE-2021-28435) - Windows Installer Information Disclosure Vulnerability (CVE-2021-28437) - Windows Console Driver Denial of Service Vulnerability (CVE-2021-28438, CVE-2021-28443) - Windows Hyper-V Information Disclosure Vulnerability (CVE-2021-28441) - Windows TCP/IP Information Disclosure Vulnerability (CVE-2021-28442) - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2021-28444) - N/A (CVE-2021-28445, CVE-2021-28446) - Windows Services and Controller App Elevation of Privilege Vulnerability (CVE-2021-27086) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

{"id": "SMB_NT_MS21_APR_5001342.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "KB5001342: Windows 10 version 1809 / Windows Server 2019 Security Update (Apr 2021)", "description": "The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - Win32k Elevation of Privilege Vulnerability (CVE-2021-27072, CVE-2021-28310)\n\n - Windows Media Photo Codec Information Disclosure Vulnerability (CVE-2021-27079)\n\n - Windows Event Tracing Elevation of Privilege Vulnerability (CVE-2021-27088)\n\n - Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089)\n\n - Azure AD Web Sign-in Security Feature Bypass Vulnerability (CVE-2021-27092)\n\n - Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309)\n\n - Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability (CVE-2021-27094, CVE-2021-28447)\n\n - Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315)\n\n - NTFS Elevation of Privilege Vulnerability (CVE-2021-27096)\n\n - Windows Installer Spoofing Vulnerability (CVE-2021-26413)\n\n - Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440)\n\n - Windows Hyper-V Denial of Service Vulnerability (CVE-2021-26416)\n\n - Windows Overlay Filter Information Disclosure Vulnerability (CVE-2021-26417)\n\n - Windows Application Compatibility Cache Denial of Service Vulnerability (CVE-2021-28311)\n\n - Windows NTFS Denial of Service Vulnerability (CVE-2021-28312)\n\n - Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability (CVE-2021-28313, CVE-2021-28321, CVE-2021-28322)\n\n - Windows Hyper-V Elevation of Privilege Vulnerability (CVE-2021-28314)\n\n - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability (CVE-2021-28316)\n\n - Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317)\n\n - Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318)\n\n - Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28319, CVE-2021-28439)\n\n - Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability (CVE-2021-28320)\n\n - Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328)\n\n - Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)\n\n - Windows AppX Deployment Server Denial of Service Vulnerability (CVE-2021-28326)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434)\n\n - Windows Speech Runtime Elevation of Privilege Vulnerability (CVE-2021-28347, CVE-2021-28351, CVE-2021-28436)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350)\n\n - Windows Event Tracing Information Disclosure Vulnerability (CVE-2021-28435)\n\n - Windows Installer Information Disclosure Vulnerability (CVE-2021-28437)\n\n - Windows Console Driver Denial of Service Vulnerability (CVE-2021-28438, CVE-2021-28443)\n\n - Windows Hyper-V Information Disclosure Vulnerability (CVE-2021-28441)\n\n - Windows TCP/IP Information Disclosure Vulnerability (CVE-2021-28442)\n\n - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2021-28444)\n\n - N/A (CVE-2021-28445, CVE-2021-28446)\n\n - Windows Services and Controller App Elevation of Privilege Vulnerability (CVE-2021-27086)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-04-13T00:00:00", "modified": "2023-04-25T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/148473", "reporter": "This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27094", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28334", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27086", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27088", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28443", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28435", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28330", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28439", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28312", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28353", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28319", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28316", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28438", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28336", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28355", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28441", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28442", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27072", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28341", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28318", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27079", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28313", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28350", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26416", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26413", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28351", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28356", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28358", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28347", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28440", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28309", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28311", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26415", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27092", "https://support.microsoft.com/en-us/help/5001342", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28329", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28342", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28317", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28352", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27089", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28343", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28327", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28436", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28314", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28349", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28340", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28346", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28322", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28333", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28447", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28325", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28331", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28315", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28310", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28321", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28320", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28339", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28434", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28344", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26417", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28354", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28338", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28345", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28337", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28332", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28323", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28444", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27093", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28326", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28446", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27095", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28437", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28348", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27096", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28357", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28335", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28445", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28328"], "cvelist": ["CVE-2021-26413", "CVE-2021-26415", "CVE-2021-26416", "CVE-2021-26417", "CVE-2021-27072", "CVE-2021-27079", "CVE-2021-27086", "CVE-2021-27088", "CVE-2021-27089", "CVE-2021-27092", "CVE-2021-27093", "CVE-2021-27094", "CVE-2021-27095", "CVE-2021-27096", "CVE-2021-28309", "CVE-2021-28310", "CVE-2021-28311", "CVE-2021-28312", "CVE-2021-28313", "CVE-2021-28314", "CVE-2021-28315", "CVE-2021-28316", "CVE-2021-28317", "CVE-2021-28318", "CVE-2021-28319", "CVE-2021-28320", "CVE-2021-28321", "CVE-2021-28322", "CVE-2021-28323", "CVE-2021-28325", "CVE-2021-28326", "CVE-2021-28327", "CVE-2021-28328", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28347", "CVE-2021-28348", "CVE-2021-28349", "CVE-2021-28350", "CVE-2021-28351", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434", "CVE-2021-28435", "CVE-2021-28436", "CVE-2021-28437", "CVE-2021-28438", "CVE-2021-28439", "CVE-2021-28440", "CVE-2021-28441", "CVE-2021-28442", "CVE-2021-28443", "CVE-2021-28444", "CVE-2021-28445", "CVE-2021-28446", "CVE-2021-28447"], "immutableFields": [], "lastseen": "2023-05-18T15:27:58", "viewCount": 74, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:007C4393-6621-4656-8BFD-D0CFE64DCD65"]}, {"type": "avleonov", "idList": ["AVLEONOV:9D3D76F4CC74C7ABB8000BC6AFB2A2CE"]}, {"type": "cert", "idList": ["VU:855201"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0221", "CPAI-2021-0223"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2021-28310"]}, {"type": "cnvd", "idList": ["CNVD-2021-58237", "CNVD-2021-58238", "CNVD-2021-58239", "CNVD-2021-58240", "CNVD-2021-58241", "CNVD-2021-58242", "CNVD-2021-58243", "CNVD-2021-58244", "CNVD-2021-58245", "CNVD-2021-58246", "CNVD-2021-60702", "CNVD-2021-60703", "CNVD-2021-60704", "CNVD-2021-60705", "CNVD-2021-60706", "CNVD-2021-60707", "CNVD-2021-60708", "CNVD-2021-60709", "CNVD-2021-60710", "CNVD-2021-60711", "CNVD-2021-71405", "CNVD-2021-71406", "CNVD-2021-71407", "CNVD-2021-71408", "CNVD-2021-71409", "CNVD-2021-71939", "CNVD-2021-71940", "CNVD-2021-71941", "CNVD-2021-71942", "CNVD-2021-71943", "CNVD-2021-71947", "CNVD-2021-71948", "CNVD-2021-71949", "CNVD-2021-71950", "CNVD-2021-73127", "CNVD-2021-73128", "CNVD-2021-73129", "CNVD-2021-74285", "CNVD-2021-74286", "CNVD-2021-74287", "CNVD-2021-74288", "CNVD-2021-74289", "CNVD-2021-74290", "CNVD-2021-76472", "CNVD-2021-76473"]}, {"type": "cve", "idList": ["CVE-2021-26413", "CVE-2021-26415", "CVE-2021-26416", "CVE-2021-26417", "CVE-2021-27072", "CVE-2021-27079", "CVE-2021-27086", "CVE-2021-27088", "CVE-2021-27089", "CVE-2021-27092", "CVE-2021-27093", "CVE-2021-27094", "CVE-2021-27095", "CVE-2021-27096", "CVE-2021-28309", "CVE-2021-28310", "CVE-2021-28311", "CVE-2021-28312", "CVE-2021-28313", "CVE-2021-28314", "CVE-2021-28315", "CVE-2021-28316", "CVE-2021-28317", "CVE-2021-28318", "CVE-2021-28319", "CVE-2021-28320", "CVE-2021-28321", "CVE-2021-28322", "CVE-2021-28323", "CVE-2021-28324", "CVE-2021-28325", "CVE-2021-28326", "CVE-2021-28327", "CVE-2021-28328", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28347", "CVE-2021-28348", "CVE-2021-28349", "CVE-2021-28350", "CVE-2021-28351", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434", "CVE-2021-28435", "CVE-2021-28436", "CVE-2021-28437", "CVE-2021-28438", "CVE-2021-28439", "CVE-2021-28440", "CVE-2021-28441", "CVE-2021-28442", "CVE-2021-28443", "CVE-2021-28444", "CVE-2021-28445", "CVE-2021-28446", "CVE-2021-28447"]}, {"type": "githubexploit", "idList": ["40112D6A-7FBB-5931-A770-23D8281F979E", "E28A1968-4646-5D17-9011-B57806D77C72"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:CA925EE6A931620550EF819815B14156"]}, {"type": "kaspersky", "idList": ["KLA12139", "KLA12141", "KLA12142"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:F8A52CE066D12F4E4A9E0128831BF48D"]}, {"type": "mscve", "idList": ["MS:CVE-2021-26413", "MS:CVE-2021-26415", "MS:CVE-2021-26416", "MS:CVE-2021-26417", "MS:CVE-2021-27072", "MS:CVE-2021-27079", "MS:CVE-2021-27086", "MS:CVE-2021-27088", "MS:CVE-2021-27089", "MS:CVE-2021-27092", "MS:CVE-2021-27093", "MS:CVE-2021-27094", "MS:CVE-2021-27095", "MS:CVE-2021-27096", "MS:CVE-2021-28309", "MS:CVE-2021-28310", "MS:CVE-2021-28311", "MS:CVE-2021-28312", "MS:CVE-2021-28313", "MS:CVE-2021-28314", "MS:CVE-2021-28315", "MS:CVE-2021-28316", "MS:CVE-2021-28317", "MS:CVE-2021-28318", "MS:CVE-2021-28319", "MS:CVE-2021-28320", "MS:CVE-2021-28321", "MS:CVE-2021-28322", "MS:CVE-2021-28323", "MS:CVE-2021-28324", "MS:CVE-2021-28325", "MS:CVE-2021-28326", "MS:CVE-2021-28327", "MS:CVE-2021-28328", "MS:CVE-2021-28329", "MS:CVE-2021-28330", "MS:CVE-2021-28331", "MS:CVE-2021-28332", "MS:CVE-2021-28333", "MS:CVE-2021-28334", "MS:CVE-2021-28335", "MS:CVE-2021-28336", "MS:CVE-2021-28337", "MS:CVE-2021-28338", "MS:CVE-2021-28339", "MS:CVE-2021-28340", "MS:CVE-2021-28341", "MS:CVE-2021-28342", "MS:CVE-2021-28343", "MS:CVE-2021-28344", "MS:CVE-2021-28345", "MS:CVE-2021-28346", "MS:CVE-2021-28347", "MS:CVE-2021-28348", "MS:CVE-2021-28349", "MS:CVE-2021-28350", "MS:CVE-2021-28351", "MS:CVE-2021-28352", "MS:CVE-2021-28353", "MS:CVE-2021-28354", "MS:CVE-2021-28355", "MS:CVE-2021-28356", "MS:CVE-2021-28357", "MS:CVE-2021-28358", "MS:CVE-2021-28434", "MS:CVE-2021-28435", "MS:CVE-2021-28436", "MS:CVE-2021-28437", "MS:CVE-2021-28438", "MS:CVE-2021-28439", "MS:CVE-2021-28440", "MS:CVE-2021-28441", "MS:CVE-2021-28442", "MS:CVE-2021-28443", "MS:CVE-2021-28444", "MS:CVE-2021-28445", "MS:CVE-2021-28446", "MS:CVE-2021-28447"]}, {"type": "mskb", "idList": ["KB5001292", "KB5001330", "KB5001332", "KB5001335", "KB5001337", "KB5001339", "KB5001340", "KB5001342", "KB5001347", "KB5001382", "KB5001383", "KB5001387", "KB5001389", "KB5001392", "KB5001393"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_APR_5001330.NASL", "SMB_NT_MS21_APR_5001335.NASL", "SMB_NT_MS21_APR_5001337.NASL", "SMB_NT_MS21_APR_5001339.NASL", "SMB_NT_MS21_APR_5001340.NASL", "SMB_NT_MS21_APR_5001343.NASL", "SMB_NT_MS21_APR_5001347.NASL", "SMB_NT_MS21_APR_5001382.NASL", "SMB_NT_MS21_APR_5001387.NASL", "SMB_NT_MS21_APR_5001389.NASL", "SMB_NT_MS21_APR_VISUAL_STUDIO.NASL"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:352650F44A686E31669777DBEC831101", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:452CCDC1AEFFF7056148871E86A6FE26"]}, {"type": "securelist", "idList": ["SECURELIST:1F59148E6615695438F94EF4956585AA", "SECURELIST:5147443B0EBD7DFCCB942AD0E2F92CCF", "SECURELIST:934E8AA177A27150B87EC15F920BF350", "SECURELIST:A3D3514100806269750A23D748D34C59", "SECURELIST:BB0230F9CE86B3F1994060AA0A809C08"]}, {"type": "thn", "idList": ["THN:75586AE52D0AAF674F942498C96A2F6A", "THN:F163C7AB35BEF8E28924E14B02752181"]}, {"type": "threatpost", "idList": ["THREATPOST:9235CC6F1DCCA01B571B8693E5F7B880"]}, {"type": "zdi", "idList": ["ZDI-21-409", "ZDI-21-424"]}]}, "score": {"value": 0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "attackerkb", "idList": ["AKB:007C4393-6621-4656-8BFD-D0CFE64DCD65"]}, {"type": "avleonov", "idList": ["AVLEONOV:9D3D76F4CC74C7ABB8000BC6AFB2A2CE"]}, {"type": "canvas", "idList": ["SPEECH"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0221", "CPAI-2021-0223"]}, {"type": "cve", "idList": ["CVE-2021-26413", "CVE-2021-26415", "CVE-2021-26416", "CVE-2021-26417", "CVE-2021-27072", "CVE-2021-27079", "CVE-2021-27086", "CVE-2021-27088", "CVE-2021-27089", "CVE-2021-27092", "CVE-2021-27093", "CVE-2021-27094", "CVE-2021-27095", "CVE-2021-27096", "CVE-2021-28309", "CVE-2021-28310", "CVE-2021-28311", "CVE-2021-28312", "CVE-2021-28313", "CVE-2021-28314", "CVE-2021-28315", "CVE-2021-28316", "CVE-2021-28317", "CVE-2021-28318", "CVE-2021-28319", "CVE-2021-28320", "CVE-2021-28321", "CVE-2021-28322", "CVE-2021-28323", "CVE-2021-28325", "CVE-2021-28326", "CVE-2021-28327", "CVE-2021-28328", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28347", "CVE-2021-28348", "CVE-2021-28349", "CVE-2021-28350", "CVE-2021-28351", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434", "CVE-2021-28435", "CVE-2021-28436", "CVE-2021-28437", "CVE-2021-28438", "CVE-2021-28439", "CVE-2021-28440", "CVE-2021-28441", "CVE-2021-28442", "CVE-2021-28443", "CVE-2021-28444", "CVE-2021-28445", "CVE-2021-28446", "CVE-2021-28447"]}, {"type": "githubexploit", "idList": ["40112D6A-7FBB-5931-A770-23D8281F979E", "E28A1968-4646-5D17-9011-B57806D77C72"]}, {"type": "kaspersky", "idList": ["KLA12139", "KLA12141", "KLA12142"]}, {"type": "krebs", "idList": ["KREBS:F8A52CE066D12F4E4A9E0128831BF48D"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MSFT-CVE-2021-26413/", "MSF:ILITIES/MSFT-CVE-2021-26415/", "MSF:ILITIES/MSFT-CVE-2021-27079/", "MSF:ILITIES/MSFT-CVE-2021-28311/", "MSF:ILITIES/MSFT-CVE-2021-28313/", "MSF:ILITIES/MSFT-CVE-2021-28318/", "MSF:ILITIES/MSFT-CVE-2021-28319/", "MSF:ILITIES/MSFT-CVE-2021-28320/", "MSF:ILITIES/MSFT-CVE-2021-28322/", "MSF:ILITIES/MSFT-CVE-2021-28325/", "MSF:ILITIES/MSFT-CVE-2021-28330/", "MSF:ILITIES/MSFT-CVE-2021-28340/", "MSF:ILITIES/MSFT-CVE-2021-28440/", "MSF:ILITIES/MSFT-CVE-2021-28445/", "MSF:ILITIES/MSFT-CVE-2021-28447/"]}, {"type": "mscve", "idList": ["MS:CVE-2021-26413", "MS:CVE-2021-26415", "MS:CVE-2021-26416", "MS:CVE-2021-26417", "MS:CVE-2021-27072", "MS:CVE-2021-27079", "MS:CVE-2021-27086", "MS:CVE-2021-27088", "MS:CVE-2021-27089", "MS:CVE-2021-27092", "MS:CVE-2021-27093", "MS:CVE-2021-27094", "MS:CVE-2021-27095", "MS:CVE-2021-27096", "MS:CVE-2021-28309", "MS:CVE-2021-28310", "MS:CVE-2021-28311", "MS:CVE-2021-28312", "MS:CVE-2021-28313", "MS:CVE-2021-28314", "MS:CVE-2021-28315", "MS:CVE-2021-28316", "MS:CVE-2021-28317", "MS:CVE-2021-28318", "MS:CVE-2021-28319", "MS:CVE-2021-28320", "MS:CVE-2021-28321", "MS:CVE-2021-28322", "MS:CVE-2021-28323", "MS:CVE-2021-28325", "MS:CVE-2021-28326", "MS:CVE-2021-28327", "MS:CVE-2021-28328", "MS:CVE-2021-28329", "MS:CVE-2021-28330", "MS:CVE-2021-28331", "MS:CVE-2021-28332", "MS:CVE-2021-28333", "MS:CVE-2021-28334", "MS:CVE-2021-28335", "MS:CVE-2021-28336", "MS:CVE-2021-28337", "MS:CVE-2021-28338", "MS:CVE-2021-28339", "MS:CVE-2021-28340", "MS:CVE-2021-28341", "MS:CVE-2021-28342", "MS:CVE-2021-28343", "MS:CVE-2021-28344", "MS:CVE-2021-28345", "MS:CVE-2021-28346", "MS:CVE-2021-28347", "MS:CVE-2021-28348", "MS:CVE-2021-28349", "MS:CVE-2021-28350", "MS:CVE-2021-28351", "MS:CVE-2021-28352", "MS:CVE-2021-28353", "MS:CVE-2021-28354", "MS:CVE-2021-28355", "MS:CVE-2021-28356", "MS:CVE-2021-28357", "MS:CVE-2021-28358", "MS:CVE-2021-28434", "MS:CVE-2021-28435", "MS:CVE-2021-28436", "MS:CVE-2021-28437", "MS:CVE-2021-28438", "MS:CVE-2021-28439", "MS:CVE-2021-28440", "MS:CVE-2021-28441", "MS:CVE-2021-28442", "MS:CVE-2021-28443", "MS:CVE-2021-28444", "MS:CVE-2021-28445", "MS:CVE-2021-28446", "MS:CVE-2021-28447"]}, {"type": "mskb", "idList": ["KB5001330", "KB5001339", "KB5001383", "KB5001392", "KB5001393"]}, {"type": "nessus", "idList": ["SMB_HOTFIXES.NASL", "SMB_NT_MS21_APR_VISUAL_STUDIO.NASL"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:352650F44A686E31669777DBEC831101"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:452CCDC1AEFFF7056148871E86A6FE26"]}, {"type": "securelist", "idList": ["SECURELIST:5147443B0EBD7DFCCB942AD0E2F92CCF", "SECURELIST:A3D3514100806269750A23D748D34C59"]}, {"type": "thn", "idList": ["THN:F163C7AB35BEF8E28924E14B02752181"]}, {"type": "threatpost", "idList": ["THREATPOST:9235CC6F1DCCA01B571B8693E5F7B880"]}, {"type": "zdi", "idList": ["ZDI-21-409"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2021-26413", "epss": 0.51235, "percentile": 0.9701, "modified": "2023-05-07"}, {"cve": "CVE-2021-26415", "epss": 0.00046, "percentile": 0.1397, "modified": "2023-05-07"}, {"cve": "CVE-2021-26416", "epss": 0.00149, "percentile": 0.49573, "modified": "2023-05-07"}, {"cve": "CVE-2021-26417", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-27072", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-27079", "epss": 0.01409, "percentile": 0.84465, "modified": "2023-05-07"}, {"cve": "CVE-2021-27086", "epss": 0.00046, "percentile": 0.12825, "modified": "2023-05-07"}, {"cve": "CVE-2021-27088", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-27089", "epss": 0.00239, "percentile": 0.60434, "modified": "2023-05-07"}, {"cve": "CVE-2021-27092", "epss": 0.00201, "percentile": 0.56618, "modified": "2023-05-07"}, {"cve": "CVE-2021-27093", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-27094", "epss": 0.00045, "percentile": 0.12347, "modified": "2023-05-07"}, {"cve": "CVE-2021-27095", "epss": 0.00239, "percentile": 0.60434, "modified": "2023-05-07"}, {"cve": "CVE-2021-27096", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-28309", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-28310", "epss": 0.00043, "percentile": 0.07644, "modified": "2023-05-07"}, {"cve": "CVE-2021-28311", "epss": 0.00149, "percentile": 0.49584, "modified": "2023-05-07"}, {"cve": "CVE-2021-28312", "epss": 0.00149, "percentile": 0.49584, "modified": "2023-05-07"}, {"cve": "CVE-2021-28313", "epss": 0.00048, "percentile": 0.14842, "modified": "2023-05-07"}, {"cve": "CVE-2021-28314", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-28315", "epss": 0.00128, "percentile": 0.4608, "modified": "2023-05-07"}, {"cve": "CVE-2021-28316", "epss": 0.00054, "percentile": 0.19936, "modified": "2023-05-07"}, {"cve": "CVE-2021-28317", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-28318", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-28319", "epss": 0.00149, "percentile": 0.49584, "modified": "2023-05-07"}, {"cve": "CVE-2021-28320", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-28321", "epss": 0.00048, "percentile": 0.14974, "modified": "2023-05-07"}, {"cve": "CVE-2021-28322", "epss": 0.00048, "percentile": 0.14842, "modified": "2023-05-07"}, {"cve": "CVE-2021-28323", "epss": 0.00996, "percentile": 0.81365, "modified": "2023-05-07"}, {"cve": "CVE-2021-28325", "epss": 0.07777, "percentile": 0.93213, "modified": "2023-05-07"}, {"cve": "CVE-2021-28326", "epss": 0.00043, "percentile": 0.07647, "modified": "2023-05-07"}, {"cve": "CVE-2021-28327", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28328", "epss": 0.07777, "percentile": 0.93213, "modified": "2023-05-07"}, {"cve": "CVE-2021-28329", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28330", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28331", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28332", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28333", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28334", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28335", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28336", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28337", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28338", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28339", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28340", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28341", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28342", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28343", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28344", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28345", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28346", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28347", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-28348", "epss": 0.00128, "percentile": 0.4608, "modified": "2023-05-07"}, {"cve": "CVE-2021-28349", "epss": 0.00128, "percentile": 0.4608, "modified": "2023-05-07"}, {"cve": "CVE-2021-28350", "epss": 0.00128, "percentile": 0.4608, "modified": "2023-05-07"}, {"cve": "CVE-2021-28351", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-28352", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28353", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28354", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28355", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28356", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28357", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28358", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28434", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28435", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-28436", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-28437", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-28438", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-28439", "epss": 0.00149, "percentile": 0.49584, "modified": "2023-05-07"}, {"cve": "CVE-2021-28440", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-28441", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-28442", "epss": 0.07777, "percentile": 0.93213, "modified": "2023-05-07"}, {"cve": "CVE-2021-28443", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-28444", "epss": 0.00064, "percentile": 0.26054, "modified": "2023-05-07"}, {"cve": "CVE-2021-28445", "epss": 0.0155, "percentile": 0.85212, "modified": "2023-05-07"}, {"cve": "CVE-2021-28446", "epss": 0.00043, "percentile": 0.07428, "modified": "2023-05-07"}, {"cve": "CVE-2021-28447", "epss": 0.00045, "percentile": 0.12347, "modified": "2023-05-07"}], "vulnersScore": 0.3}, "_state": {"dependencies": 1684444545, "score": 1684423815, "epss": 0}, "_internal": {"score_hash": "2b0b42246e41b566d516b3b9699e990a"}, "pluginID": "148473", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148473);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-26413\",\n \"CVE-2021-26415\",\n \"CVE-2021-26416\",\n \"CVE-2021-26417\",\n \"CVE-2021-27072\",\n \"CVE-2021-27079\",\n \"CVE-2021-27086\",\n \"CVE-2021-27088\",\n \"CVE-2021-27089\",\n \"CVE-2021-27092\",\n \"CVE-2021-27093\",\n \"CVE-2021-27094\",\n \"CVE-2021-27095\",\n \"CVE-2021-27096\",\n \"CVE-2021-28309\",\n \"CVE-2021-28310\",\n \"CVE-2021-28311\",\n \"CVE-2021-28312\",\n \"CVE-2021-28313\",\n \"CVE-2021-28314\",\n \"CVE-2021-28315\",\n \"CVE-2021-28316\",\n \"CVE-2021-28317\",\n \"CVE-2021-28318\",\n \"CVE-2021-28319\",\n \"CVE-2021-28320\",\n \"CVE-2021-28321\",\n \"CVE-2021-28322\",\n \"CVE-2021-28323\",\n \"CVE-2021-28325\",\n \"CVE-2021-28326\",\n \"CVE-2021-28327\",\n \"CVE-2021-28328\",\n \"CVE-2021-28329\",\n \"CVE-2021-28330\",\n \"CVE-2021-28331\",\n \"CVE-2021-28332\",\n \"CVE-2021-28333\",\n \"CVE-2021-28334\",\n \"CVE-2021-28335\",\n \"CVE-2021-28336\",\n \"CVE-2021-28337\",\n \"CVE-2021-28338\",\n \"CVE-2021-28339\",\n \"CVE-2021-28340\",\n \"CVE-2021-28341\",\n \"CVE-2021-28342\",\n \"CVE-2021-28343\",\n \"CVE-2021-28344\",\n \"CVE-2021-28345\",\n \"CVE-2021-28346\",\n \"CVE-2021-28347\",\n \"CVE-2021-28348\",\n \"CVE-2021-28349\",\n \"CVE-2021-28350\",\n \"CVE-2021-28351\",\n \"CVE-2021-28352\",\n \"CVE-2021-28353\",\n \"CVE-2021-28354\",\n \"CVE-2021-28355\",\n \"CVE-2021-28356\",\n \"CVE-2021-28357\",\n \"CVE-2021-28358\",\n \"CVE-2021-28434\",\n \"CVE-2021-28435\",\n \"CVE-2021-28436\",\n \"CVE-2021-28437\",\n \"CVE-2021-28438\",\n \"CVE-2021-28439\",\n \"CVE-2021-28440\",\n \"CVE-2021-28441\",\n \"CVE-2021-28442\",\n \"CVE-2021-28443\",\n \"CVE-2021-28444\",\n \"CVE-2021-28445\",\n \"CVE-2021-28446\",\n \"CVE-2021-28447\"\n );\n script_xref(name:\"MSKB\", value:\"5001342\");\n script_xref(name:\"MSFT\", value:\"MS21-5001342\");\n script_xref(name:\"IAVA\", value:\"2021-A-0171-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0168-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0021\");\n\n script_name(english:\"KB5001342: Windows 10 version 1809 / Windows Server 2019 Security Update (Apr 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - Win32k Elevation of Privilege Vulnerability (CVE-2021-27072, CVE-2021-28310)\n\n - Windows Media Photo Codec Information Disclosure Vulnerability (CVE-2021-27079)\n\n - Windows Event Tracing Elevation of Privilege Vulnerability (CVE-2021-27088)\n\n - Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089)\n\n - Azure AD Web Sign-in Security Feature Bypass Vulnerability (CVE-2021-27092)\n\n - Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309)\n\n - Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability (CVE-2021-27094,\n CVE-2021-28447)\n\n - Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315)\n\n - NTFS Elevation of Privilege Vulnerability (CVE-2021-27096)\n\n - Windows Installer Spoofing Vulnerability (CVE-2021-26413)\n\n - Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440)\n\n - Windows Hyper-V Denial of Service Vulnerability (CVE-2021-26416)\n\n - Windows Overlay Filter Information Disclosure Vulnerability (CVE-2021-26417)\n\n - Windows Application Compatibility Cache Denial of Service Vulnerability (CVE-2021-28311)\n\n - Windows NTFS Denial of Service Vulnerability (CVE-2021-28312)\n\n - Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability (CVE-2021-28313,\n CVE-2021-28321, CVE-2021-28322)\n\n - Windows Hyper-V Elevation of Privilege Vulnerability (CVE-2021-28314)\n\n - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability (CVE-2021-28316)\n\n - Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317)\n\n - Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318)\n\n - Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28319, CVE-2021-28439)\n\n - Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability (CVE-2021-28320)\n\n - Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328)\n\n - Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)\n\n - Windows AppX Deployment Server Denial of Service Vulnerability (CVE-2021-28326)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329,\n CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335,\n CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341,\n CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352,\n CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358,\n CVE-2021-28434)\n\n - Windows Speech Runtime Elevation of Privilege Vulnerability (CVE-2021-28347, CVE-2021-28351,\n CVE-2021-28436)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350)\n\n - Windows Event Tracing Information Disclosure Vulnerability (CVE-2021-28435)\n\n - Windows Installer Information Disclosure Vulnerability (CVE-2021-28437)\n\n - Windows Console Driver Denial of Service Vulnerability (CVE-2021-28438, CVE-2021-28443)\n\n - Windows Hyper-V Information Disclosure Vulnerability (CVE-2021-28441)\n\n - Windows TCP/IP Information Disclosure Vulnerability (CVE-2021-28442)\n\n - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2021-28444)\n\n - N/A (CVE-2021-28445, CVE-2021-28446)\n\n - Windows Services and Controller App Elevation of Privilege Vulnerability (CVE-2021-27086)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001342\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB5001342 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27092\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-04';\nkbs = make_list(\n '5001342'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'17763',\n rollup_date:'04_2021',\n bulletin:bulletin,\n rollup_kb_list:[5001342])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "naslFamily": "Windows : Microsoft Bulletins", "cpe": ["cpe:/o:microsoft:windows"], "solution": "Microsoft has released KB5001342 to address this issue.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2021-27092", "vendor_cvss2": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "High", "score": "8.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2021-04-13T00:00:00", "vulnerabilityPublicationDate": "2021-03-30T00:00:00", "exploitableWith": []}

{"nessus": [{"lastseen": "2023-05-18T15:27:19", "description": "The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - Win32k Elevation of Privilege Vulnerability (CVE-2021-27072, CVE-2021-28310)\n\n - Windows Media Photo Codec Information Disclosure Vulnerability (CVE-2021-27079)\n\n - Windows Event Tracing Elevation of Privilege Vulnerability (CVE-2021-27088)\n\n - Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089)\n\n - Azure AD Web Sign-in Security Feature Bypass Vulnerability (CVE-2021-27092)\n\n - Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309)\n\n - Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability (CVE-2021-27094, CVE-2021-28447)\n\n - Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315)\n\n - NTFS Elevation of Privilege Vulnerability (CVE-2021-27096)\n\n - Windows Installer Spoofing Vulnerability (CVE-2021-26413)\n\n - Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440)\n\n - Windows Hyper-V Denial of Service Vulnerability (CVE-2021-26416)\n\n - Windows Overlay Filter Information Disclosure Vulnerability (CVE-2021-26417)\n\n - Windows Application Compatibility Cache Denial of Service Vulnerability (CVE-2021-28311)\n\n - Windows NTFS Denial of Service Vulnerability (CVE-2021-28312)\n\n - Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability (CVE-2021-28313, CVE-2021-28321, CVE-2021-28322)\n\n - Windows Hyper-V Elevation of Privilege Vulnerability (CVE-2021-28314)\n\n - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability (CVE-2021-28316)\n\n - Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317)\n\n - Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318)\n\n - Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28319, CVE-2021-28439)\n\n - Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability (CVE-2021-28320)\n\n - Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328)\n\n - Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)\n\n - Windows AppX Deployment Server Denial of Service Vulnerability (CVE-2021-28326)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434)\n\n - Windows Speech Runtime Elevation of Privilege Vulnerability (CVE-2021-28347, CVE-2021-28351, CVE-2021-28436)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350)\n\n - Windows Event Tracing Information Disclosure Vulnerability (CVE-2021-28435)\n\n - Windows Installer Information Disclosure Vulnerability (CVE-2021-28437)\n\n - Windows Console Driver Denial of Service Vulnerability (CVE-2021-28438, CVE-2021-28443)\n\n - Windows Hyper-V Information Disclosure Vulnerability (CVE-2021-28441)\n\n - Windows TCP/IP Information Disclosure Vulnerability (CVE-2021-28442)\n\n - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2021-28444)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2021-28445) \n - Windows Portmapping Information Disclosure Vulnerability (CVE-2021-28446)\n\n - Windows Services and Controller App Elevation of Privilege Vulnerability (CVE-2021-27086)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-13T00:00:00", "type": "nessus", "title": "KB5001337: Windows 10 version 1909 / Windows Server 1909 Security Update (Apr 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26413", "CVE-2021-26415", "CVE-2021-26416", "CVE-2021-26417", "CVE-2021-27072", "CVE-2021-27079", "CVE-2021-27086", "CVE-2021-27088", "CVE-2021-27089", "CVE-2021-27092", "CVE-2021-27093", "CVE-2021-27094", "CVE-2021-27095", "CVE-2021-27096", "CVE-2021-28309", "CVE-2021-28310", "CVE-2021-28311", "CVE-2021-28312", "CVE-2021-28313", "CVE-2021-28314", "CVE-2021-28315", "CVE-2021-28316", "CVE-2021-28317", "CVE-2021-28318", "CVE-2021-28319", "CVE-2021-28320", "CVE-2021-28321", "CVE-2021-28322", "CVE-2021-28323", "CVE-2021-28325", "CVE-2021-28326", "CVE-2021-28327", "CVE-2021-28328", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28347", "CVE-2021-28348", "CVE-2021-28349", "CVE-2021-28350", "CVE-2021-28351", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434", "CVE-2021-28435", "CVE-2021-28436", "CVE-2021-28437", "CVE-2021-28438", "CVE-2021-28439", "CVE-2021-28440", "CVE-2021-28441", "CVE-2021-28442", "CVE-2021-28443", "CVE-2021-28444", "CVE-2021-28445", "CVE-2021-28446", "CVE-2021-28447"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_APR_5001337.NASL", "href": "https://www.tenable.com/plugins/nessus/148461", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148461);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-26413\",\n \"CVE-2021-26415\",\n \"CVE-2021-26416\",\n \"CVE-2021-26417\",\n \"CVE-2021-27072\",\n \"CVE-2021-27079\",\n \"CVE-2021-27086\",\n \"CVE-2021-27088\",\n \"CVE-2021-27089\",\n \"CVE-2021-27092\",\n \"CVE-2021-27093\",\n \"CVE-2021-27094\",\n \"CVE-2021-27095\",\n \"CVE-2021-27096\",\n \"CVE-2021-28309\",\n \"CVE-2021-28310\",\n \"CVE-2021-28311\",\n \"CVE-2021-28312\",\n \"CVE-2021-28313\",\n \"CVE-2021-28314\",\n \"CVE-2021-28315\",\n \"CVE-2021-28316\",\n \"CVE-2021-28317\",\n \"CVE-2021-28318\",\n \"CVE-2021-28319\",\n \"CVE-2021-28320\",\n \"CVE-2021-28321\",\n \"CVE-2021-28322\",\n \"CVE-2021-28323\",\n \"CVE-2021-28325\",\n \"CVE-2021-28326\",\n \"CVE-2021-28327\",\n \"CVE-2021-28328\",\n \"CVE-2021-28329\",\n \"CVE-2021-28330\",\n \"CVE-2021-28331\",\n \"CVE-2021-28332\",\n \"CVE-2021-28333\",\n \"CVE-2021-28334\",\n \"CVE-2021-28335\",\n \"CVE-2021-28336\",\n \"CVE-2021-28337\",\n \"CVE-2021-28338\",\n \"CVE-2021-28339\",\n \"CVE-2021-28340\",\n \"CVE-2021-28341\",\n \"CVE-2021-28342\",\n \"CVE-2021-28343\",\n \"CVE-2021-28344\",\n \"CVE-2021-28345\",\n \"CVE-2021-28346\",\n \"CVE-2021-28347\",\n \"CVE-2021-28348\",\n \"CVE-2021-28349\",\n \"CVE-2021-28350\",\n \"CVE-2021-28351\",\n \"CVE-2021-28352\",\n \"CVE-2021-28353\",\n \"CVE-2021-28354\",\n \"CVE-2021-28355\",\n \"CVE-2021-28356\",\n \"CVE-2021-28357\",\n \"CVE-2021-28358\",\n \"CVE-2021-28434\",\n \"CVE-2021-28435\",\n \"CVE-2021-28436\",\n \"CVE-2021-28437\",\n \"CVE-2021-28438\",\n \"CVE-2021-28439\",\n \"CVE-2021-28440\",\n \"CVE-2021-28441\",\n \"CVE-2021-28442\",\n \"CVE-2021-28443\",\n \"CVE-2021-28444\",\n \"CVE-2021-28445\",\n \"CVE-2021-28446\",\n \"CVE-2021-28447\"\n );\n script_xref(name:\"MSKB\", value:\"5001337\");\n script_xref(name:\"MSFT\", value:\"MS21-5001337\");\n script_xref(name:\"IAVA\", value:\"2021-A-0171-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0168-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0021\");\n\n script_name(english:\"KB5001337: Windows 10 version 1909 / Windows Server 1909 Security Update (Apr 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - Win32k Elevation of Privilege Vulnerability (CVE-2021-27072, CVE-2021-28310)\n\n - Windows Media Photo Codec Information Disclosure Vulnerability (CVE-2021-27079)\n\n - Windows Event Tracing Elevation of Privilege Vulnerability (CVE-2021-27088)\n\n - Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089)\n\n - Azure AD Web Sign-in Security Feature Bypass Vulnerability (CVE-2021-27092)\n\n - Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309)\n\n - Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability (CVE-2021-27094,\n CVE-2021-28447)\n\n - Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315)\n\n - NTFS Elevation of Privilege Vulnerability (CVE-2021-27096)\n\n - Windows Installer Spoofing Vulnerability (CVE-2021-26413)\n\n - Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440)\n\n - Windows Hyper-V Denial of Service Vulnerability (CVE-2021-26416)\n\n - Windows Overlay Filter Information Disclosure Vulnerability (CVE-2021-26417)\n\n - Windows Application Compatibility Cache Denial of Service Vulnerability (CVE-2021-28311)\n\n - Windows NTFS Denial of Service Vulnerability (CVE-2021-28312)\n\n - Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability (CVE-2021-28313,\n CVE-2021-28321, CVE-2021-28322)\n\n - Windows Hyper-V Elevation of Privilege Vulnerability (CVE-2021-28314)\n\n - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability (CVE-2021-28316)\n\n - Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317)\n\n - Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318)\n\n - Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28319, CVE-2021-28439)\n\n - Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability (CVE-2021-28320)\n\n - Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328)\n\n - Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)\n\n - Windows AppX Deployment Server Denial of Service Vulnerability (CVE-2021-28326)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329,\n CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335,\n CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341,\n CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352,\n CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358,\n CVE-2021-28434)\n\n - Windows Speech Runtime Elevation of Privilege Vulnerability (CVE-2021-28347, CVE-2021-28351,\n CVE-2021-28436)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350)\n\n - Windows Event Tracing Information Disclosure Vulnerability (CVE-2021-28435)\n\n - Windows Installer Information Disclosure Vulnerability (CVE-2021-28437)\n\n - Windows Console Driver Denial of Service Vulnerability (CVE-2021-28438, CVE-2021-28443)\n\n - Windows Hyper-V Information Disclosure Vulnerability (CVE-2021-28441)\n\n - Windows TCP/IP Information Disclosure Vulnerability (CVE-2021-28442)\n\n - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2021-28444)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2021-28445)\n \n - Windows Portmapping Information Disclosure Vulnerability (CVE-2021-28446)\n\n - Windows Services and Controller App Elevation of Privilege Vulnerability (CVE-2021-27086)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001337\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB5001337 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27092\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-04';\nkbs = make_list(\n '5001337'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'18363',\n rollup_date:'04_2021',\n bulletin:bulletin,\n rollup_kb_list:[5001337])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:27:16", "description": "The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - Win32k Elevation of Privilege Vulnerability (CVE-2021-27072, CVE-2021-28310)\n\n - Windows Media Photo Codec Information Disclosure Vulnerability (CVE-2021-27079)\n\n - Windows Event Tracing Elevation of Privilege Vulnerability (CVE-2021-27088)\n\n - Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089)\n\n - Azure AD Web Sign-in Security Feature Bypass Vulnerability (CVE-2021-27092)\n\n - Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309)\n\n - Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability (CVE-2021-27094, CVE-2021-28447)\n\n - Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315)\n\n - NTFS Elevation of Privilege Vulnerability (CVE-2021-27096)\n\n - Windows Installer Spoofing Vulnerability (CVE-2021-26413)\n\n - Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440)\n\n - Windows Application Compatibility Cache Denial of Service Vulnerability (CVE-2021-28311)\n\n - Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability (CVE-2021-28313, CVE-2021-28321, CVE-2021-28322)\n\n - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability (CVE-2021-28316)\n\n - Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317)\n\n - Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318)\n\n - Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28319, CVE-2021-28439)\n\n - Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability (CVE-2021-28320)\n\n - Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328)\n\n - Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)\n\n - Windows AppX Deployment Server Denial of Service Vulnerability (CVE-2021-28326)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434)\n\n - Windows Speech Runtime Elevation of Privilege Vulnerability (CVE-2021-28347, CVE-2021-28351, CVE-2021-28436)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350)\n\n - Windows Event Tracing Information Disclosure Vulnerability (CVE-2021-28435)\n\n - Windows Installer Information Disclosure Vulnerability (CVE-2021-28437)\n\n - Windows Console Driver Denial of Service Vulnerability (CVE-2021-28438, CVE-2021-28443)\n\n - Windows TCP/IP Information Disclosure Vulnerability (CVE-2021-28442)\n\n - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2021-28444)\n\n - Windows Services and Controller App Elevation of Privilege Vulnerability (CVE-2021-27086)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-13T00:00:00", "type": "nessus", "title": "KB5001339: Windows 10 version 1803 Security Update (April 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26413", "CVE-2021-26415", "CVE-2021-27072", "CVE-2021-27079", "CVE-2021-27086", "CVE-2021-27088", "CVE-2021-27089", "CVE-2021-27092", "CVE-2021-27093", "CVE-2021-27094", "CVE-2021-27095", "CVE-2021-27096", "CVE-2021-28309", "CVE-2021-28310", "CVE-2021-28311", "CVE-2021-28313", "CVE-2021-28315", "CVE-2021-28316", "CVE-2021-28317", "CVE-2021-28318", "CVE-2021-28319", "CVE-2021-28320", "CVE-2021-28321", "CVE-2021-28322", "CVE-2021-28323", "CVE-2021-28325", "CVE-2021-28326", "CVE-2021-28327", "CVE-2021-28328", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28347", "CVE-2021-28348", "CVE-2021-28349", "CVE-2021-28350", "CVE-2021-28351", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434", "CVE-2021-28435", "CVE-2021-28436", "CVE-2021-28437", "CVE-2021-28438", "CVE-2021-28439", "CVE-2021-28440", "CVE-2021-28442", "CVE-2021-28443", "CVE-2021-28444", "CVE-2021-28447"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_APR_5001339.NASL", "href": "https://www.tenable.com/plugins/nessus/148468", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148468);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-26413\",\n \"CVE-2021-26415\",\n \"CVE-2021-27072\",\n \"CVE-2021-27079\",\n \"CVE-2021-27086\",\n \"CVE-2021-27088\",\n \"CVE-2021-27089\",\n \"CVE-2021-27092\",\n \"CVE-2021-27093\",\n \"CVE-2021-27094\",\n \"CVE-2021-27095\",\n \"CVE-2021-27096\",\n \"CVE-2021-28309\",\n \"CVE-2021-28310\",\n \"CVE-2021-28311\",\n \"CVE-2021-28313\",\n \"CVE-2021-28315\",\n \"CVE-2021-28316\",\n \"CVE-2021-28317\",\n \"CVE-2021-28318\",\n \"CVE-2021-28319\",\n \"CVE-2021-28320\",\n \"CVE-2021-28321\",\n \"CVE-2021-28322\",\n \"CVE-2021-28323\",\n \"CVE-2021-28325\",\n \"CVE-2021-28326\",\n \"CVE-2021-28327\",\n \"CVE-2021-28328\",\n \"CVE-2021-28329\",\n \"CVE-2021-28330\",\n \"CVE-2021-28331\",\n \"CVE-2021-28332\",\n \"CVE-2021-28333\",\n \"CVE-2021-28334\",\n \"CVE-2021-28335\",\n \"CVE-2021-28336\",\n \"CVE-2021-28337\",\n \"CVE-2021-28338\",\n \"CVE-2021-28339\",\n \"CVE-2021-28340\",\n \"CVE-2021-28341\",\n \"CVE-2021-28342\",\n \"CVE-2021-28343\",\n \"CVE-2021-28344\",\n \"CVE-2021-28345\",\n \"CVE-2021-28346\",\n \"CVE-2021-28347\",\n \"CVE-2021-28348\",\n \"CVE-2021-28349\",\n \"CVE-2021-28350\",\n \"CVE-2021-28351\",\n \"CVE-2021-28352\",\n \"CVE-2021-28353\",\n \"CVE-2021-28354\",\n \"CVE-2021-28355\",\n \"CVE-2021-28356\",\n \"CVE-2021-28357\",\n \"CVE-2021-28358\",\n \"CVE-2021-28434\",\n \"CVE-2021-28435\",\n \"CVE-2021-28436\",\n \"CVE-2021-28437\",\n \"CVE-2021-28438\",\n \"CVE-2021-28439\",\n \"CVE-2021-28440\",\n \"CVE-2021-28442\",\n \"CVE-2021-28443\",\n \"CVE-2021-28444\",\n \"CVE-2021-28447\"\n );\n script_xref(name:\"MSKB\", value:\"5001339\");\n script_xref(name:\"MSFT\", value:\"MS21-5001339\");\n script_xref(name:\"IAVA\", value:\"2021-A-0168-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0021\");\n\n script_name(english:\"KB5001339: Windows 10 version 1803 Security Update (April 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - Win32k Elevation of Privilege Vulnerability (CVE-2021-27072, CVE-2021-28310)\n\n - Windows Media Photo Codec Information Disclosure Vulnerability (CVE-2021-27079)\n\n - Windows Event Tracing Elevation of Privilege Vulnerability (CVE-2021-27088)\n\n - Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089)\n\n - Azure AD Web Sign-in Security Feature Bypass Vulnerability (CVE-2021-27092)\n\n - Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309)\n\n - Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability (CVE-2021-27094,\n CVE-2021-28447)\n\n - Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315)\n\n - NTFS Elevation of Privilege Vulnerability (CVE-2021-27096)\n\n - Windows Installer Spoofing Vulnerability (CVE-2021-26413)\n\n - Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440)\n\n - Windows Application Compatibility Cache Denial of Service Vulnerability (CVE-2021-28311)\n\n - Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability (CVE-2021-28313,\n CVE-2021-28321, CVE-2021-28322)\n\n - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability (CVE-2021-28316)\n\n - Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317)\n\n - Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318)\n\n - Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28319, CVE-2021-28439)\n\n - Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability (CVE-2021-28320)\n\n - Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328)\n\n - Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)\n\n - Windows AppX Deployment Server Denial of Service Vulnerability (CVE-2021-28326)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329,\n CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335,\n CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341,\n CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352,\n CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358,\n CVE-2021-28434)\n\n - Windows Speech Runtime Elevation of Privilege Vulnerability (CVE-2021-28347, CVE-2021-28351,\n CVE-2021-28436)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350)\n\n - Windows Event Tracing Information Disclosure Vulnerability (CVE-2021-28435)\n\n - Windows Installer Information Disclosure Vulnerability (CVE-2021-28437)\n\n - Windows Console Driver Denial of Service Vulnerability (CVE-2021-28438, CVE-2021-28443)\n\n - Windows TCP/IP Information Disclosure Vulnerability (CVE-2021-28442)\n\n - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2021-28444)\n\n - Windows Services and Controller App Elevation of Privilege Vulnerability (CVE-2021-27086)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001339\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB5001339 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27092\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-04';\nkbs = make_list(\n '5001339'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'17134',\n rollup_date:'04_2021',\n bulletin:bulletin,\n rollup_kb_list:[5001339])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:27:59", "description": "The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - Win32k Elevation of Privilege Vulnerability (CVE-2021-27072)\n\n - Windows Media Photo Codec Information Disclosure Vulnerability (CVE-2021-27079)\n\n - Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089)\n\n - Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309)\n\n - Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability (CVE-2021-27094, CVE-2021-28447)\n\n - Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315)\n\n - NTFS Elevation of Privilege Vulnerability (CVE-2021-27096)\n\n - Windows Installer Spoofing Vulnerability (CVE-2021-26413)\n\n - Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440)\n\n - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability (CVE-2021-28316)\n\n - Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317)\n\n - Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318)\n\n - Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability (CVE-2021-28320)\n\n - Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328)\n\n - Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)\n\n - Windows AppX Deployment Server Denial of Service Vulnerability (CVE-2021-28326)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434)\n\n - Windows Speech Runtime Elevation of Privilege Vulnerability (CVE-2021-28347, CVE-2021-28351, CVE-2021-28436)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350)\n\n - Windows Event Tracing Information Disclosure Vulnerability (CVE-2021-28435)\n\n - Windows Installer Information Disclosure Vulnerability (CVE-2021-28437)\n\n - Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28439)\n\n - Windows Console Driver Denial of Service Vulnerability (CVE-2021-28443)\n\n - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2021-28444)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-13T00:00:00", "type": "nessus", "title": "KB5001340: Windows 10 version 1507 LTS Security Update (Apr 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26413", "CVE-2021-26415", "CVE-2021-27072", "CVE-2021-27079", "CVE-2021-27089", "CVE-2021-27093", "CVE-2021-27094", "CVE-2021-27095", "CVE-2021-27096", "CVE-2021-28309", "CVE-2021-28315", "CVE-2021-28316", "CVE-2021-28317", "CVE-2021-28318", "CVE-2021-28320", "CVE-2021-28323", "CVE-2021-28325", "CVE-2021-28326", "CVE-2021-28327", "CVE-2021-28328", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28347", "CVE-2021-28348", "CVE-2021-28349", "CVE-2021-28350", "CVE-2021-28351", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434", "CVE-2021-28435", "CVE-2021-28436", "CVE-2021-28437", "CVE-2021-28439", "CVE-2021-28440", "CVE-2021-28443", "CVE-2021-28444", "CVE-2021-28447"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_APR_5001340.NASL", "href": "https://www.tenable.com/plugins/nessus/148486", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148486);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2021-26413\",\n \"CVE-2021-26415\",\n \"CVE-2021-27072\",\n \"CVE-2021-27079\",\n \"CVE-2021-27089\",\n \"CVE-2021-27093\",\n \"CVE-2021-27094\",\n \"CVE-2021-27095\",\n \"CVE-2021-27096\",\n \"CVE-2021-28309\",\n \"CVE-2021-28315\",\n \"CVE-2021-28316\",\n \"CVE-2021-28317\",\n \"CVE-2021-28318\",\n \"CVE-2021-28320\",\n \"CVE-2021-28323\",\n \"CVE-2021-28325\",\n \"CVE-2021-28326\",\n \"CVE-2021-28327\",\n \"CVE-2021-28328\",\n \"CVE-2021-28329\",\n \"CVE-2021-28330\",\n \"CVE-2021-28331\",\n \"CVE-2021-28332\",\n \"CVE-2021-28333\",\n \"CVE-2021-28334\",\n \"CVE-2021-28335\",\n \"CVE-2021-28336\",\n \"CVE-2021-28337\",\n \"CVE-2021-28338\",\n \"CVE-2021-28339\",\n \"CVE-2021-28340\",\n \"CVE-2021-28341\",\n \"CVE-2021-28342\",\n \"CVE-2021-28343\",\n \"CVE-2021-28344\",\n \"CVE-2021-28345\",\n \"CVE-2021-28346\",\n \"CVE-2021-28347\",\n \"CVE-2021-28348\",\n \"CVE-2021-28349\",\n \"CVE-2021-28350\",\n \"CVE-2021-28351\",\n \"CVE-2021-28352\",\n \"CVE-2021-28353\",\n \"CVE-2021-28354\",\n \"CVE-2021-28355\",\n \"CVE-2021-28356\",\n \"CVE-2021-28357\",\n \"CVE-2021-28358\",\n \"CVE-2021-28434\",\n \"CVE-2021-28435\",\n \"CVE-2021-28436\",\n \"CVE-2021-28437\",\n \"CVE-2021-28439\",\n \"CVE-2021-28440\",\n \"CVE-2021-28443\",\n \"CVE-2021-28444\",\n \"CVE-2021-28447\"\n );\n script_xref(name:\"MSKB\", value:\"5001340\");\n script_xref(name:\"IAVA\", value:\"2021-A-0168-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"MSFT\", value:\"MS21-5001340\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0021\");\n\n script_name(english:\"KB5001340: Windows 10 version 1507 LTS Security Update (Apr 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - Win32k Elevation of Privilege Vulnerability (CVE-2021-27072)\n\n - Windows Media Photo Codec Information Disclosure Vulnerability (CVE-2021-27079)\n\n - Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089)\n\n - Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309)\n\n - Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability (CVE-2021-27094,\n CVE-2021-28447)\n\n - Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315)\n\n - NTFS Elevation of Privilege Vulnerability (CVE-2021-27096)\n\n - Windows Installer Spoofing Vulnerability (CVE-2021-26413)\n\n - Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440)\n\n - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability (CVE-2021-28316)\n\n - Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317)\n\n - Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318)\n\n - Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability (CVE-2021-28320)\n\n - Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328)\n\n - Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)\n\n - Windows AppX Deployment Server Denial of Service Vulnerability (CVE-2021-28326)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329,\n CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335,\n CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341,\n CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352,\n CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358,\n CVE-2021-28434)\n\n - Windows Speech Runtime Elevation of Privilege Vulnerability (CVE-2021-28347, CVE-2021-28351,\n CVE-2021-28436)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350)\n\n - Windows Event Tracing Information Disclosure Vulnerability (CVE-2021-28435)\n\n - Windows Installer Information Disclosure Vulnerability (CVE-2021-28437)\n\n - Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28439)\n\n - Windows Console Driver Denial of Service Vulnerability (CVE-2021-28443)\n\n - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2021-28444)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001340\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB5001340 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27095\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-28434\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-04';\nkbs = make_list(\n '5001340'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'10240',\n rollup_date:'04_2021',\n bulletin:bulletin,\n rollup_kb_list:[5001340])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:27:06", "description": "The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - Win32k Elevation of Privilege Vulnerability (CVE-2021-27072)\n\n - Windows Media Photo Codec Information Disclosure Vulnerability (CVE-2021-27079)\n\n - Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089)\n\n - Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309)\n\n - Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability (CVE-2021-27094, CVE-2021-28447)\n\n - Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315)\n\n - NTFS Elevation of Privilege Vulnerability (CVE-2021-27096)\n\n - Windows Installer Spoofing Vulnerability (CVE-2021-26413)\n\n - Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440)\n\n - Windows Hyper-V Denial of Service Vulnerability (CVE-2021-26416)\n\n - Windows Application Compatibility Cache Denial of Service Vulnerability (CVE-2021-28311)\n\n - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability (CVE-2021-28316)\n\n - Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317)\n\n - Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318)\n\n - Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability (CVE-2021-28320)\n\n - Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328)\n\n - Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)\n\n - Windows AppX Deployment Server Denial of Service Vulnerability (CVE-2021-28326)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434)\n\n - Windows Speech Runtime Elevation of Privilege Vulnerability (CVE-2021-28347, CVE-2021-28351, CVE-2021-28436)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350)\n\n - Windows Event Tracing Information Disclosure Vulnerability (CVE-2021-28435)\n\n - Windows Installer Information Disclosure Vulnerability (CVE-2021-28437)\n\n - Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28439)\n\n - Windows Console Driver Denial of Service Vulnerability (CVE-2021-28443)\n\n - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2021-28444)\n\n - N/A (CVE-2021-28445, CVE-2021-28446)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-13T00:00:00", "type": "nessus", "title": "KB5001347: Windows 10 version 1607 / Windows Server 2016 Security Update (Apr 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26413", "CVE-2021-26415", "CVE-2021-26416", "CVE-2021-27072", "CVE-2021-27079", "CVE-2021-27089", "CVE-2021-27093", "CVE-2021-27094", "CVE-2021-27095", "CVE-2021-27096", "CVE-2021-28309", "CVE-2021-28311", "CVE-2021-28315", "CVE-2021-28316", "CVE-2021-28317", "CVE-2021-28318", "CVE-2021-28320", "CVE-2021-28323", "CVE-2021-28325", "CVE-2021-28326", "CVE-2021-28327", "CVE-2021-28328", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28347", "CVE-2021-28348", "CVE-2021-28349", "CVE-2021-28350", "CVE-2021-28351", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434", "CVE-2021-28435", "CVE-2021-28436", "CVE-2021-28437", "CVE-2021-28439", "CVE-2021-28440", "CVE-2021-28443", "CVE-2021-28444", "CVE-2021-28445", "CVE-2021-28446", "CVE-2021-28447"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_APR_5001347.NASL", "href": "https://www.tenable.com/plugins/nessus/148465", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148465);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2021-26413\",\n \"CVE-2021-26415\",\n \"CVE-2021-26416\",\n \"CVE-2021-27072\",\n \"CVE-2021-27079\",\n \"CVE-2021-27089\",\n \"CVE-2021-27093\",\n \"CVE-2021-27094\",\n \"CVE-2021-27095\",\n \"CVE-2021-27096\",\n \"CVE-2021-28309\",\n \"CVE-2021-28311\",\n \"CVE-2021-28315\",\n \"CVE-2021-28316\",\n \"CVE-2021-28317\",\n \"CVE-2021-28318\",\n \"CVE-2021-28320\",\n \"CVE-2021-28323\",\n \"CVE-2021-28325\",\n \"CVE-2021-28326\",\n \"CVE-2021-28327\",\n \"CVE-2021-28328\",\n \"CVE-2021-28329\",\n \"CVE-2021-28330\",\n \"CVE-2021-28331\",\n \"CVE-2021-28332\",\n \"CVE-2021-28333\",\n \"CVE-2021-28334\",\n \"CVE-2021-28335\",\n \"CVE-2021-28336\",\n \"CVE-2021-28337\",\n \"CVE-2021-28338\",\n \"CVE-2021-28339\",\n \"CVE-2021-28340\",\n \"CVE-2021-28341\",\n \"CVE-2021-28342\",\n \"CVE-2021-28343\",\n \"CVE-2021-28344\",\n \"CVE-2021-28345\",\n \"CVE-2021-28346\",\n \"CVE-2021-28347\",\n \"CVE-2021-28348\",\n \"CVE-2021-28349\",\n \"CVE-2021-28350\",\n \"CVE-2021-28351\",\n \"CVE-2021-28352\",\n \"CVE-2021-28353\",\n \"CVE-2021-28354\",\n \"CVE-2021-28355\",\n \"CVE-2021-28356\",\n \"CVE-2021-28357\",\n \"CVE-2021-28358\",\n \"CVE-2021-28434\",\n \"CVE-2021-28435\",\n \"CVE-2021-28436\",\n \"CVE-2021-28437\",\n \"CVE-2021-28439\",\n \"CVE-2021-28440\",\n \"CVE-2021-28443\",\n \"CVE-2021-28444\",\n \"CVE-2021-28445\",\n \"CVE-2021-28446\",\n \"CVE-2021-28447\"\n );\n script_xref(name:\"MSKB\", value:\"5001347\");\n script_xref(name:\"MSFT\", value:\"MS21-5001347\");\n script_xref(name:\"IAVA\", value:\"2021-A-0171-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0168-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0021\");\n\n script_name(english:\"KB5001347: Windows 10 version 1607 / Windows Server 2016 Security Update (Apr 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - Win32k Elevation of Privilege Vulnerability (CVE-2021-27072)\n\n - Windows Media Photo Codec Information Disclosure Vulnerability (CVE-2021-27079)\n\n - Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089)\n\n - Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309)\n\n - Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability (CVE-2021-27094,\n CVE-2021-28447)\n\n - Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315)\n\n - NTFS Elevation of Privilege Vulnerability (CVE-2021-27096)\n\n - Windows Installer Spoofing Vulnerability (CVE-2021-26413)\n\n - Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440)\n\n - Windows Hyper-V Denial of Service Vulnerability (CVE-2021-26416)\n\n - Windows Application Compatibility Cache Denial of Service Vulnerability (CVE-2021-28311)\n\n - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability (CVE-2021-28316)\n\n - Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317)\n\n - Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318)\n\n - Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability (CVE-2021-28320)\n\n - Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328)\n\n - Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)\n\n - Windows AppX Deployment Server Denial of Service Vulnerability (CVE-2021-28326)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329,\n CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335,\n CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341,\n CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352,\n CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358,\n CVE-2021-28434)\n\n - Windows Speech Runtime Elevation of Privilege Vulnerability (CVE-2021-28347, CVE-2021-28351,\n CVE-2021-28436)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350)\n\n - Windows Event Tracing Information Disclosure Vulnerability (CVE-2021-28435)\n\n - Windows Installer Information Disclosure Vulnerability (CVE-2021-28437)\n\n - Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28439)\n\n - Windows Console Driver Denial of Service Vulnerability (CVE-2021-28443)\n\n - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2021-28444)\n\n - N/A (CVE-2021-28445, CVE-2021-28446)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001347\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB5001347 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27095\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-28445\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-04';\nkbs = make_list(\n '5001347'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'14393',\n rollup_date:'04_2021',\n bulletin:bulletin,\n rollup_kb_list:[5001347])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:27:41", "description": "The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - Win32k Elevation of Privilege Vulnerability (CVE-2021-27072)\n\n - Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089)\n\n - RPC Endpoint Mapper Service Elevation of Privilege Vulnerability (CVE-2021-27091)\n\n - Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309)\n\n - Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability (CVE-2021-27094, CVE-2021-28447)\n\n - Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315)\n\n - NTFS Elevation of Privilege Vulnerability (CVE-2021-27096)\n\n - Windows Installer Spoofing Vulnerability (CVE-2021-26413)\n\n - Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440)\n\n - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability (CVE-2021-28316)\n\n - Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317)\n\n - Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318)\n\n - Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328)\n\n - Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350)\n\n - Windows Installer Information Disclosure Vulnerability (CVE-2021-28437)\n\n - Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28439)\n\n - Windows Console Driver Denial of Service Vulnerability (CVE-2021-28443)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2021-28445) \n - Windows Portmapping Information Disclosure Vulnerability (CVE-2021-28446)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-13T00:00:00", "type": "nessus", "title": "KB5001387: Windows Server 2012 Security Update (Apr 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26413", "CVE-2021-26415", "CVE-2021-27072", "CVE-2021-27089", "CVE-2021-27091", "CVE-2021-27093", "CVE-2021-27094", "CVE-2021-27095", "CVE-2021-27096", "CVE-2021-28309", "CVE-2021-28315", "CVE-2021-28316", "CVE-2021-28317", "CVE-2021-28318", "CVE-2021-28323", "CVE-2021-28325", "CVE-2021-28327", "CVE-2021-28328", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28348", "CVE-2021-28349", "CVE-2021-28350", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434", "CVE-2021-28437", "CVE-2021-28439", "CVE-2021-28440", "CVE-2021-28443", "CVE-2021-28445", "CVE-2021-28446", "CVE-2021-28447"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_APR_5001387.NASL", "href": "https://www.tenable.com/plugins/nessus/148467", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148467);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2021-26413\",\n \"CVE-2021-26415\",\n \"CVE-2021-27072\",\n \"CVE-2021-27089\",\n \"CVE-2021-27091\",\n \"CVE-2021-27093\",\n \"CVE-2021-27094\",\n \"CVE-2021-27095\",\n \"CVE-2021-27096\",\n \"CVE-2021-28309\",\n \"CVE-2021-28315\",\n \"CVE-2021-28316\",\n \"CVE-2021-28317\",\n \"CVE-2021-28318\",\n \"CVE-2021-28323\",\n \"CVE-2021-28325\",\n \"CVE-2021-28327\",\n \"CVE-2021-28328\",\n \"CVE-2021-28329\",\n \"CVE-2021-28330\",\n \"CVE-2021-28331\",\n \"CVE-2021-28332\",\n \"CVE-2021-28333\",\n \"CVE-2021-28334\",\n \"CVE-2021-28335\",\n \"CVE-2021-28336\",\n \"CVE-2021-28337\",\n \"CVE-2021-28338\",\n \"CVE-2021-28339\",\n \"CVE-2021-28340\",\n \"CVE-2021-28341\",\n \"CVE-2021-28342\",\n \"CVE-2021-28343\",\n \"CVE-2021-28344\",\n \"CVE-2021-28345\",\n \"CVE-2021-28346\",\n \"CVE-2021-28348\",\n \"CVE-2021-28349\",\n \"CVE-2021-28350\",\n \"CVE-2021-28352\",\n \"CVE-2021-28353\",\n \"CVE-2021-28354\",\n \"CVE-2021-28355\",\n \"CVE-2021-28356\",\n \"CVE-2021-28357\",\n \"CVE-2021-28358\",\n \"CVE-2021-28434\",\n \"CVE-2021-28437\",\n \"CVE-2021-28439\",\n \"CVE-2021-28440\",\n \"CVE-2021-28443\",\n \"CVE-2021-28445\",\n \"CVE-2021-28446\",\n \"CVE-2021-28447\"\n );\n script_xref(name:\"MSKB\", value:\"5001383\");\n script_xref(name:\"MSKB\", value:\"5001387\");\n script_xref(name:\"MSFT\", value:\"MS21-5001383\");\n script_xref(name:\"MSFT\", value:\"MS21-5001387\");\n script_xref(name:\"IAVA\", value:\"2021-A-0168-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0171-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0021\");\n\n script_name(english:\"KB5001387: Windows Server 2012 Security Update (Apr 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - Win32k Elevation of Privilege Vulnerability (CVE-2021-27072)\n\n - Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089)\n\n - RPC Endpoint Mapper Service Elevation of Privilege Vulnerability (CVE-2021-27091)\n\n - Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309)\n\n - Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability (CVE-2021-27094,\n CVE-2021-28447)\n\n - Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315)\n\n - NTFS Elevation of Privilege Vulnerability (CVE-2021-27096)\n\n - Windows Installer Spoofing Vulnerability (CVE-2021-26413)\n\n - Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440)\n\n - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability (CVE-2021-28316)\n\n - Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317)\n\n - Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318)\n\n - Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328)\n\n - Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329,\n CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335,\n CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341,\n CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352,\n CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358,\n CVE-2021-28434)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350)\n\n - Windows Installer Information Disclosure Vulnerability (CVE-2021-28437)\n\n - Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28439)\n\n - Windows Console Driver Denial of Service Vulnerability (CVE-2021-28443)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2021-28445)\n \n - Windows Portmapping Information Disclosure Vulnerability (CVE-2021-28446)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001387\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue:\n- KB5001383\n- KB5001387\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27095\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-28445\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-04';\nkbs = make_list(\n '5001387',\n '5001383'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2', \n sp:0,\n rollup_date:'04_2021',\n bulletin:bulletin,\n rollup_kb_list:[5001387, 5001383])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:22", "description": "The remote Windows host is missing a security update. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-05T00:00:00", "type": "nessus", "title": "KB5001330: Windows 10 Version 2004 / Windows 10 Version 20H2 Security Update (April 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26413", "CVE-2021-26415", "CVE-2021-26416", "CVE-2021-26417", "CVE-2021-27072", "CVE-2021-27079", "CVE-2021-27086", "CVE-2021-27088", "CVE-2021-27089", "CVE-2021-27090", "CVE-2021-27092", "CVE-2021-27093", "CVE-2021-27094", "CVE-2021-27095", "CVE-2021-27096", "CVE-2021-28309", "CVE-2021-28310", "CVE-2021-28311", "CVE-2021-28312", "CVE-2021-28313", "CVE-2021-28314", "CVE-2021-28315", "CVE-2021-28316", "CVE-2021-28317", "CVE-2021-28318", "CVE-2021-28319", "CVE-2021-28320", "CVE-2021-28321", "CVE-2021-28322", "CVE-2021-28323", "CVE-2021-28324", "CVE-2021-28325", "CVE-2021-28326", "CVE-2021-28327", "CVE-2021-28328", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28347", "CVE-2021-28348", "CVE-2021-28349", "CVE-2021-28350", "CVE-2021-28351", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434", "CVE-2021-28435", "CVE-2021-28436", "CVE-2021-28437", "CVE-2021-28438", "CVE-2021-28439", "CVE-2021-28440", "CVE-2021-28441", "CVE-2021-28442", "CVE-2021-28443", "CVE-2021-28444", "CVE-2021-28445", "CVE-2021-28446", "CVE-2021-28447"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_APR_5001330.NASL", "href": "https://www.tenable.com/plugins/nessus/149259", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149259);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-26413\",\n \"CVE-2021-26415\",\n \"CVE-2021-26416\",\n \"CVE-2021-26417\",\n \"CVE-2021-27072\",\n \"CVE-2021-27079\",\n \"CVE-2021-27086\",\n \"CVE-2021-27088\",\n \"CVE-2021-27089\",\n \"CVE-2021-27090\",\n \"CVE-2021-27092\",\n \"CVE-2021-27093\",\n \"CVE-2021-27094\",\n \"CVE-2021-27095\",\n \"CVE-2021-27096\",\n \"CVE-2021-28309\",\n \"CVE-2021-28310\",\n \"CVE-2021-28311\",\n \"CVE-2021-28312\",\n \"CVE-2021-28313\",\n \"CVE-2021-28314\",\n \"CVE-2021-28315\",\n \"CVE-2021-28316\",\n \"CVE-2021-28317\",\n \"CVE-2021-28318\",\n \"CVE-2021-28319\",\n \"CVE-2021-28320\",\n \"CVE-2021-28321\",\n \"CVE-2021-28322\",\n \"CVE-2021-28323\",\n \"CVE-2021-28324\",\n \"CVE-2021-28325\",\n \"CVE-2021-28326\",\n \"CVE-2021-28327\",\n \"CVE-2021-28328\",\n \"CVE-2021-28329\",\n \"CVE-2021-28330\",\n \"CVE-2021-28331\",\n \"CVE-2021-28332\",\n \"CVE-2021-28333\",\n \"CVE-2021-28334\",\n \"CVE-2021-28335\",\n \"CVE-2021-28336\",\n \"CVE-2021-28337\",\n \"CVE-2021-28338\",\n \"CVE-2021-28339\",\n \"CVE-2021-28340\",\n \"CVE-2021-28341\",\n \"CVE-2021-28342\",\n \"CVE-2021-28343\",\n \"CVE-2021-28344\",\n \"CVE-2021-28345\",\n \"CVE-2021-28346\",\n \"CVE-2021-28347\",\n \"CVE-2021-28348\",\n \"CVE-2021-28349\",\n \"CVE-2021-28350\",\n \"CVE-2021-28351\",\n \"CVE-2021-28352\",\n \"CVE-2021-28353\",\n \"CVE-2021-28354\",\n \"CVE-2021-28355\",\n \"CVE-2021-28356\",\n \"CVE-2021-28357\",\n \"CVE-2021-28358\",\n \"CVE-2021-28434\",\n \"CVE-2021-28435\",\n \"CVE-2021-28436\",\n \"CVE-2021-28437\",\n \"CVE-2021-28438\",\n \"CVE-2021-28439\",\n \"CVE-2021-28440\",\n \"CVE-2021-28441\",\n \"CVE-2021-28442\",\n \"CVE-2021-28443\",\n \"CVE-2021-28444\",\n \"CVE-2021-28445\",\n \"CVE-2021-28446\",\n \"CVE-2021-28447\"\n );\n script_xref(name:\"MSKB\", value:\"5001330\");\n script_xref(name:\"IAVA\", value:\"2021-A-0168-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"MSFT\", value:\"MS21-5001330\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0021\");\n\n script_name(english:\"KB5001330: Windows 10 Version 2004 / Windows 10 Version 20H2 Security Update (April 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. Note that\nNessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001330\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB5001330 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27092\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin, kbs, share;\n\nbulletin = 'MS21-04';\nkbs = make_list(\n '5001330'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'19041',\n rollup_date:'04_2021',\n bulletin:bulletin,\n rollup_kb_list:[5001330])\n||\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'19042',\n rollup_date:'04_2021',\n bulletin:bulletin,\n rollup_kb_list:[5001330])\n)\n\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:27:05", "description": "The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089)\n\n - Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309)\n\n - Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315)\n\n - Windows Installer Spoofing Vulnerability (CVE-2021-26413)\n\n - Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440)\n\n - Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317)\n\n - Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318)\n\n - Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350)\n\n - Windows Installer Information Disclosure Vulnerability (CVE-2021-28437)\n\n - Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28439)\n\n - Windows Console Driver Denial of Service Vulnerability (CVE-2021-28443)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2021-28445) \n - Windows Portmapping Information Disclosure Vulnerability (CVE-2021-28446)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-13T00:00:00", "type": "nessus", "title": "KB5001389: Windows Server 2008 Security Update (Apr 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26413", "CVE-2021-26415", "CVE-2021-27089", "CVE-2021-27093", "CVE-2021-27095", "CVE-2021-28309", "CVE-2021-28315", "CVE-2021-28317", "CVE-2021-28318", "CVE-2021-28323", "CVE-2021-28327", "CVE-2021-28328", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28348", "CVE-2021-28349", "CVE-2021-28350", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434", "CVE-2021-28437", "CVE-2021-28439", "CVE-2021-28440", "CVE-2021-28443", "CVE-2021-28445", "CVE-2021-28446"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_APR_5001389.NASL", "href": "https://www.tenable.com/plugins/nessus/148480", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148480);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2021-26413\",\n \"CVE-2021-26415\",\n \"CVE-2021-27089\",\n \"CVE-2021-27093\",\n \"CVE-2021-27095\",\n \"CVE-2021-28309\",\n \"CVE-2021-28315\",\n \"CVE-2021-28317\",\n \"CVE-2021-28318\",\n \"CVE-2021-28323\",\n \"CVE-2021-28327\",\n \"CVE-2021-28328\",\n \"CVE-2021-28329\",\n \"CVE-2021-28330\",\n \"CVE-2021-28331\",\n \"CVE-2021-28332\",\n \"CVE-2021-28333\",\n \"CVE-2021-28334\",\n \"CVE-2021-28335\",\n \"CVE-2021-28336\",\n \"CVE-2021-28337\",\n \"CVE-2021-28338\",\n \"CVE-2021-28339\",\n \"CVE-2021-28340\",\n \"CVE-2021-28341\",\n \"CVE-2021-28342\",\n \"CVE-2021-28343\",\n \"CVE-2021-28344\",\n \"CVE-2021-28345\",\n \"CVE-2021-28346\",\n \"CVE-2021-28348\",\n \"CVE-2021-28349\",\n \"CVE-2021-28350\",\n \"CVE-2021-28352\",\n \"CVE-2021-28353\",\n \"CVE-2021-28354\",\n \"CVE-2021-28355\",\n \"CVE-2021-28356\",\n \"CVE-2021-28357\",\n \"CVE-2021-28358\",\n \"CVE-2021-28434\",\n \"CVE-2021-28437\",\n \"CVE-2021-28439\",\n \"CVE-2021-28440\",\n \"CVE-2021-28443\",\n \"CVE-2021-28445\",\n \"CVE-2021-28446\"\n );\n script_xref(name:\"MSKB\", value:\"5001332\");\n script_xref(name:\"MSKB\", value:\"5001389\");\n script_xref(name:\"MSFT\", value:\"MS21-5001332\");\n script_xref(name:\"MSFT\", value:\"MS21-5001389\");\n script_xref(name:\"IAVA\", value:\"2021-A-0168-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0171-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0021\");\n\n script_name(english:\"KB5001389: Windows Server 2008 Security Update (Apr 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089)\n\n - Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309)\n\n - Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315)\n\n - Windows Installer Spoofing Vulnerability (CVE-2021-26413)\n\n - Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440)\n\n - Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317)\n\n - Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318)\n\n - Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329,\n CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335,\n CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341,\n CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352,\n CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358,\n CVE-2021-28434)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350)\n\n - Windows Installer Information Disclosure Vulnerability (CVE-2021-28437)\n\n - Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28439)\n\n - Windows Console Driver Denial of Service Vulnerability (CVE-2021-28443)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2021-28445)\n \n - Windows Portmapping Information Disclosure Vulnerability (CVE-2021-28446)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001332\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001389\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue:\n- KB5001332\n- KB5001389\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27095\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-28445\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-04';\nkbs = make_list(\n '5001389',\n '5001332'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.0', \n sp:2,\n rollup_date:'04_2021',\n bulletin:bulletin,\n rollup_kb_list:[5001389, 5001332])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:27:06", "description": "The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089)\n\n - RPC Endpoint Mapper Service Elevation of Privilege Vulnerability (CVE-2021-27091)\n\n - Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309)\n\n - Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315)\n\n - NTFS Elevation of Privilege Vulnerability (CVE-2021-27096)\n\n - Windows Installer Spoofing Vulnerability (CVE-2021-26413)\n\n - Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440)\n\n - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability (CVE-2021-28316)\n\n - Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317)\n\n - Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318)\n\n - Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350)\n\n - Windows Installer Information Disclosure Vulnerability (CVE-2021-28437)\n\n - Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28439)\n\n - Windows Console Driver Denial of Service Vulnerability (CVE-2021-28443)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2021-28445) \n - Windows Portmapping Information Disclosure Vulnerability (CVE-2021-28446)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-13T00:00:00", "type": "nessus", "title": "KB5001335: Windows 7 and Windows Server 2008 R2 Security Update (Apr 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26413", "CVE-2021-26415", "CVE-2021-27089", "CVE-2021-27091", "CVE-2021-27093", "CVE-2021-27095", "CVE-2021-27096", "CVE-2021-28309", "CVE-2021-28315", "CVE-2021-28316", "CVE-2021-28317", "CVE-2021-28318", "CVE-2021-28323", "CVE-2021-28327", "CVE-2021-28328", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28348", "CVE-2021-28349", "CVE-2021-28350", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434", "CVE-2021-28437", "CVE-2021-28439", "CVE-2021-28440", "CVE-2021-28443", "CVE-2021-28445", "CVE-2021-28446"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_APR_5001335.NASL", "href": "https://www.tenable.com/plugins/nessus/148466", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148466);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2021-26413\",\n \"CVE-2021-26415\",\n \"CVE-2021-27089\",\n \"CVE-2021-27091\",\n \"CVE-2021-27093\",\n \"CVE-2021-27095\",\n \"CVE-2021-27096\",\n \"CVE-2021-28309\",\n \"CVE-2021-28315\",\n \"CVE-2021-28316\",\n \"CVE-2021-28317\",\n \"CVE-2021-28318\",\n \"CVE-2021-28323\",\n \"CVE-2021-28327\",\n \"CVE-2021-28328\",\n \"CVE-2021-28329\",\n \"CVE-2021-28330\",\n \"CVE-2021-28331\",\n \"CVE-2021-28332\",\n \"CVE-2021-28333\",\n \"CVE-2021-28334\",\n \"CVE-2021-28335\",\n \"CVE-2021-28336\",\n \"CVE-2021-28337\",\n \"CVE-2021-28338\",\n \"CVE-2021-28339\",\n \"CVE-2021-28340\",\n \"CVE-2021-28341\",\n \"CVE-2021-28342\",\n \"CVE-2021-28343\",\n \"CVE-2021-28344\",\n \"CVE-2021-28345\",\n \"CVE-2021-28346\",\n \"CVE-2021-28348\",\n \"CVE-2021-28349\",\n \"CVE-2021-28350\",\n \"CVE-2021-28352\",\n \"CVE-2021-28353\",\n \"CVE-2021-28354\",\n \"CVE-2021-28355\",\n \"CVE-2021-28356\",\n \"CVE-2021-28357\",\n \"CVE-2021-28358\",\n \"CVE-2021-28434\",\n \"CVE-2021-28437\",\n \"CVE-2021-28439\",\n \"CVE-2021-28440\",\n \"CVE-2021-28443\",\n \"CVE-2021-28445\",\n \"CVE-2021-28446\"\n );\n script_xref(name:\"MSKB\", value:\"5001335\");\n script_xref(name:\"MSKB\", value:\"5001392\");\n script_xref(name:\"MSFT\", value:\"MS21-5001335\");\n script_xref(name:\"MSFT\", value:\"MS21-5001392\");\n script_xref(name:\"IAVA\", value:\"2021-A-0168-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0171-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0021\");\n\n script_name(english:\"KB5001335: Windows 7 and Windows Server 2008 R2 Security Update (Apr 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089)\n\n - RPC Endpoint Mapper Service Elevation of Privilege Vulnerability (CVE-2021-27091)\n\n - Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309)\n\n - Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315)\n\n - NTFS Elevation of Privilege Vulnerability (CVE-2021-27096)\n\n - Windows Installer Spoofing Vulnerability (CVE-2021-26413)\n\n - Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440)\n\n - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability (CVE-2021-28316)\n\n - Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317)\n\n - Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318)\n\n - Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329,\n CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335,\n CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341,\n CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352,\n CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358,\n CVE-2021-28434)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350)\n\n - Windows Installer Information Disclosure Vulnerability (CVE-2021-28437)\n\n - Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28439)\n\n - Windows Console Driver Denial of Service Vulnerability (CVE-2021-28443)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2021-28445)\n \n - Windows Portmapping Information Disclosure Vulnerability (CVE-2021-28446)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001335\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001392\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue:\n- KB5001335\n- KB5001392\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27095\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-28445\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-04';\nkbs = make_list(\n '5001335',\n '5001392'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.1', \n sp:1,\n rollup_date:'04_2021',\n bulletin:bulletin,\n rollup_kb_list:[5001335, 5001392])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:27:58", "description": "The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - Win32k Elevation of Privilege Vulnerability (CVE-2021-27072)\n\n - Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089)\n\n - RPC Endpoint Mapper Service Elevation of Privilege Vulnerability (CVE-2021-27091)\n\n - Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309)\n\n - Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability (CVE-2021-27094, CVE-2021-28447)\n\n - Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315)\n\n - NTFS Elevation of Privilege Vulnerability (CVE-2021-27096)\n\n - Windows Installer Spoofing Vulnerability (CVE-2021-26413)\n\n - Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440)\n\n - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability (CVE-2021-28316)\n\n - Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317)\n\n - Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318)\n\n - Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328)\n\n - Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350)\n\n - Windows Event Tracing Information Disclosure Vulnerability (CVE-2021-28435)\n\n - Windows Installer Information Disclosure Vulnerability (CVE-2021-28437)\n\n - Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28439)\n\n - Windows Console Driver Denial of Service Vulnerability (CVE-2021-28443)\n\n - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2021-28444)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2021-28445) \n - Windows Portmapping Information Disclosure Vulnerability (CVE-2021-28446)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-13T00:00:00", "type": "nessus", "title": "KB5001382: Windows Server 2012 R2 Security Update (Apr 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26413", "CVE-2021-26415", "CVE-2021-27072", "CVE-2021-27089", "CVE-2021-27091", "CVE-2021-27093", "CVE-2021-27094", "CVE-2021-27095", "CVE-2021-27096", "CVE-2021-28309", "CVE-2021-28315", "CVE-2021-28316", "CVE-2021-28317", "CVE-2021-28318", "CVE-2021-28323", "CVE-2021-28325", "CVE-2021-28327", "CVE-2021-28328", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28348", "CVE-2021-28349", "CVE-2021-28350", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434", "CVE-2021-28435", "CVE-2021-28437", "CVE-2021-28439", "CVE-2021-28440", "CVE-2021-28443", "CVE-2021-28444", "CVE-2021-28445", "CVE-2021-28446", "CVE-2021-28447"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_APR_5001382.NASL", "href": "https://www.tenable.com/plugins/nessus/148477", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148477);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2021-26413\",\n \"CVE-2021-26415\",\n \"CVE-2021-27072\",\n \"CVE-2021-27089\",\n \"CVE-2021-27091\",\n \"CVE-2021-27093\",\n \"CVE-2021-27094\",\n \"CVE-2021-27095\",\n \"CVE-2021-27096\",\n \"CVE-2021-28309\",\n \"CVE-2021-28315\",\n \"CVE-2021-28316\",\n \"CVE-2021-28317\",\n \"CVE-2021-28318\",\n \"CVE-2021-28323\",\n \"CVE-2021-28325\",\n \"CVE-2021-28327\",\n \"CVE-2021-28328\",\n \"CVE-2021-28329\",\n \"CVE-2021-28330\",\n \"CVE-2021-28331\",\n \"CVE-2021-28332\",\n \"CVE-2021-28333\",\n \"CVE-2021-28334\",\n \"CVE-2021-28335\",\n \"CVE-2021-28336\",\n \"CVE-2021-28337\",\n \"CVE-2021-28338\",\n \"CVE-2021-28339\",\n \"CVE-2021-28340\",\n \"CVE-2021-28341\",\n \"CVE-2021-28342\",\n \"CVE-2021-28343\",\n \"CVE-2021-28344\",\n \"CVE-2021-28345\",\n \"CVE-2021-28346\",\n \"CVE-2021-28348\",\n \"CVE-2021-28349\",\n \"CVE-2021-28350\",\n \"CVE-2021-28352\",\n \"CVE-2021-28353\",\n \"CVE-2021-28354\",\n \"CVE-2021-28355\",\n \"CVE-2021-28356\",\n \"CVE-2021-28357\",\n \"CVE-2021-28358\",\n \"CVE-2021-28434\",\n \"CVE-2021-28435\",\n \"CVE-2021-28437\",\n \"CVE-2021-28439\",\n \"CVE-2021-28440\",\n \"CVE-2021-28443\",\n \"CVE-2021-28444\",\n \"CVE-2021-28445\",\n \"CVE-2021-28446\",\n \"CVE-2021-28447\"\n );\n script_xref(name:\"MSKB\", value:\"5001382\");\n script_xref(name:\"MSKB\", value:\"5001393\");\n script_xref(name:\"MSFT\", value:\"MS21-5001382\");\n script_xref(name:\"MSFT\", value:\"MS21-5001393\");\n script_xref(name:\"IAVA\", value:\"2021-A-0168-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0171-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0021\");\n\n script_name(english:\"KB5001382: Windows Server 2012 R2 Security Update (Apr 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - Win32k Elevation of Privilege Vulnerability (CVE-2021-27072)\n\n - Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089)\n\n - RPC Endpoint Mapper Service Elevation of Privilege Vulnerability (CVE-2021-27091)\n\n - Windows Kernel Information Disclosure Vulnerability (CVE-2021-27093, CVE-2021-28309)\n\n - Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability (CVE-2021-27094,\n CVE-2021-28447)\n\n - Windows Media Video Decoder Remote Code Execution Vulnerability (CVE-2021-27095, CVE-2021-28315)\n\n - NTFS Elevation of Privilege Vulnerability (CVE-2021-27096)\n\n - Windows Installer Spoofing Vulnerability (CVE-2021-26413)\n\n - Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415, CVE-2021-28440)\n\n - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability (CVE-2021-28316)\n\n - Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2021-28317)\n\n - Windows GDI+ Information Disclosure Vulnerability (CVE-2021-28318)\n\n - Windows DNS Information Disclosure Vulnerability (CVE-2021-28323, CVE-2021-28328)\n\n - Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)\n\n - Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28327, CVE-2021-28329,\n CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335,\n CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341,\n CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352,\n CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358,\n CVE-2021-28434)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2021-28348, CVE-2021-28349, CVE-2021-28350)\n\n - Windows Event Tracing Information Disclosure Vulnerability (CVE-2021-28435)\n\n - Windows Installer Information Disclosure Vulnerability (CVE-2021-28437)\n\n - Windows TCP/IP Driver Denial of Service Vulnerability (CVE-2021-28439)\n\n - Windows Console Driver Denial of Service Vulnerability (CVE-2021-28443)\n\n - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2021-28444)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2021-28445)\n \n - Windows Portmapping Information Disclosure Vulnerability (CVE-2021-28446)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5001393\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue:\n- KB5001382\n- KB5001393\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27095\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-28445\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-04';\nkbs = make_list(\n '5001382',\n '5001393'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.3', \n sp:0,\n rollup_date:'04_2021',\n bulletin:bulletin,\n rollup_kb_list:[5001382, 5001393])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:27:42", "description": "The Microsoft Visual Studio Products are missing a security update. It is, therefore, affected by the multiple vulnerabilities, including the following:\n\n - A privilege escalation vulnerability exists in Microsoft Visual Studio's installer component. An authenticated, local attacker can exploit this, to escalate privileges on an affected system (CVE-2021-27064).\n\n - Several privilege escalation vulnerabilities exist in Microsoft Visual Studio's diagnostic hub standard collector service component. An authenticated, local attacker can exploit these, to escalate privileges on an affected system (CVE-2021-28313, CVE-2021-28321, CVE-2021-28322).\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Visual Studio Products (April 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-27064", "CVE-2021-28313", "CVE-2021-28321", "CVE-2021-28322"], "modified": "2022-06-27T00:00:00", "cpe": ["cpe:/a:microsoft:visual_studio"], "id": "SMB_NT_MS21_APR_VISUAL_STUDIO.NASL", "href": "https://www.tenable.com/plugins/nessus/148552", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148552);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/27\");\n\n script_cve_id(\n \"CVE-2021-27064\",\n \"CVE-2021-28313\",\n \"CVE-2021-28321\",\n \"CVE-2021-28322\"\n );\n script_xref(name:\"MSKB\", value:\"5001292\");\n script_xref(name:\"MSFT\", value:\"MS21-5001292\");\n script_xref(name:\"IAVA\", value:\"2021-A-0169-S\");\n\n script_name(english:\"Security Updates for Microsoft Visual Studio Products (April 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Visual Studio Products are missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Visual Studio Products are missing a security update. It is, therefore, affected by the multiple\nvulnerabilities, including the following:\n\n - A privilege escalation vulnerability exists in Microsoft Visual Studio's installer component. An authenticated, \n local attacker can exploit this, to escalate privileges on an affected system (CVE-2021-27064).\n\n - Several privilege escalation vulnerabilities exist in Microsoft Visual Studio's diagnostic hub standard collector \n service component. An authenticated, local attacker can exploit these, to escalate privileges on an affected system \n (CVE-2021-28313, CVE-2021-28321, CVE-2021-28322).\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version \nnumber.\");\n # https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-the-elevation-of-privilege-vulnerability-in-microsoft-visual-studio-2015-update-3-april-13-2021-kb5001292-5cc101fc-387a-18ac-858b-ad0413ebf8f1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?65973f66\");\n # https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes#15.9.35\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9a4be15a\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.4#16.4.21\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4025edb6\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.7#16.7.14\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?274ed228\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes#16.9.4\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9691e1b1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue:\n - KB5001292 (for Visual Studio 2015)\n - Update 15.9.35 for Visual Studio 2017\n - Update 16.4.21 for Visual Studio 2019\n - Update 16.7.14 for Visual Studio 2019\n - Update 16.9.4 for Visual Studio 2019\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28322\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:visual_studio\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ms_bulletin_checks_possible.nasl\", \"microsoft_visual_studio_installed.nbin\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\", \"installed_sw/Microsoft Visual Studio\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('install_func.inc');\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\n\nget_kb_item_or_exit('installed_sw/Microsoft Visual Studio');\n\nvar port = kb_smb_transport();\nvar appname = 'Microsoft Visual Studio';\nvar installs = get_installs(app_name:appname, exit_if_not_found:TRUE);\nvar report = '';\n\nvar install;\nforeach install (installs[1])\n{\n var version = install['version'];\n var path = install['path'];\n var prod = install['product_version'];\n var fix = '';\n\n # VS 2015 Update 3\n if (version =~ '^14\\\\.0\\\\.')\n {\n fix = '14.0.27549.0';\n file = hotfix_append_path(path:path, \n value:'\\\\Team Tools\\\\DiagnosticHubCollector\\\\Collector\\\\DiagnosticsHub.StandardCollector.Runtime.dll');\n fver = hotfix_get_fversion(path:file);\n\n if (fver['error'] != HCF_OK || empty_or_null(fver['value']))\n continue;\n\n fversion = join(sep:'.', fver['value']);\n if (ver_compare(ver:fversion, fix:fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + file +\n '\\n Installed version : ' + fversion +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # https://docs.microsoft.com/en-us/visualstudio/install/visual-studio-build-numbers-and-release-dates?view=vs-2017\n # VS 2017\n else if (prod == '2017')\n {\n fix = '15.9.28307.1500';\n\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # https://docs.microsoft.com/en-us/visualstudio/install/visual-studio-build-numbers-and-release-dates?view=vs-2019\n #\n # VS 2019 Version 16.0-4\n else if (prod == '2019' && version =~ \"^16\\.[0-4]\\.\")\n {\n fix = '16.4.31205.175';\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # VS 2019 Version 16.5-7\n else if (prod == '2019' && version =~ \"^16\\.[5-7]\\.\")\n {\n fix = '16.7.31205.176';\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # VS 2019 Version 16.8-9\n else if (prod == '2019' && version =~ \"^16\\.[89]\\.\")\n {\n fix = '16.9.31205.134';\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n}\n\nhotfix_check_fversion_end();\n\nif (empty(report))\n audit(AUDIT_INST_VER_NOT_VULN, appname);\n\nsecurity_report_v4(port:port, severity:SECURITY_WARNING, extra:report);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2023-05-27T15:01:34", "description": "### *Detect date*:\n04/13/2021\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, gain privileges, bypass security restrictions, spoof user interface.\n\n### *Affected products*:\nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 1909 for ARM64-based Systems \nWindows 10 Version 2004 for x64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 for x64-based Systems \nWindows Server 2012 R2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2019 \nWindows 8.1 for x64-based systems \nWindows 10 Version 1909 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 2004 for 32-bit Systems \nWindows Server 2019 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows RT 8.1 \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server, version 2004 (Server Core installation) \nWindows 8.1 for 32-bit systems \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server, version 20H2 (Server Core Installation) \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server 2012 \nWindows 10 Version 20H2 for x64-based Systems \nWindows Server 2016 (Server Core installation) \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 20H2 for 32-bit Systems \nWindows 7 for 32-bit Systems Service Pack 1\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-28356](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28356>) \n[CVE-2021-28328](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28328>) \n[CVE-2021-28349](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28349>) \n[CVE-2021-28439](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28439>) \n[CVE-2021-28315](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28315>) \n[CVE-2021-27096](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27096>) \n[CVE-2021-28330](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28330>) \n[CVE-2021-28338](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28338>) \n[CVE-2021-28344](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28344>) \n[CVE-2021-28329](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28329>) \n[CVE-2021-28355](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28355>) \n[CVE-2021-28339](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28339>) \n[CVE-2021-28354](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28354>) \n[CVE-2021-28332](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28332>) \n[CVE-2021-28309](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28309>) \n[CVE-2021-27093](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27093>) \n[CVE-2021-28342](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28342>) \n[CVE-2021-28317](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28317>) \n[CVE-2021-28345](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28345>) \n[CVE-2021-27095](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27095>) \n[CVE-2021-28334](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28334>) \n[CVE-2021-28333](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28333>) \n[CVE-2021-28323](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28323>) \n[CVE-2021-28434](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28434>) \n[CVE-2021-28437](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28437>) \n[CVE-2021-28316](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28316>) \n[CVE-2021-28341](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28341>) \n[CVE-2021-27089](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27089>) \n[CVE-2021-28358](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28358>) \n[CVE-2021-28336](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28336>) \n[CVE-2021-28440](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28440>) \n[CVE-2021-28337](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28337>) \n[CVE-2021-27091](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27091>) \n[CVE-2021-28357](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28357>) \n[CVE-2021-28445](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28445>) \n[CVE-2021-28350](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28350>) \n[CVE-2021-28335](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28335>) \n[CVE-2021-28352](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28352>) \n[CVE-2021-28346](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28346>) \n[CVE-2021-28327](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28327>) \n[CVE-2021-28353](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28353>) \n[CVE-2021-28340](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28340>) \n[CVE-2021-28318](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28318>) \n[CVE-2021-28446](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28446>) \n[CVE-2021-26415](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-26415>) \n[CVE-2021-28443](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28443>) \n[CVE-2021-28331](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28331>) \n[CVE-2021-28348](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28348>) \n[CVE-2021-26413](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-26413>) \n[CVE-2021-28343](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28343>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2021-27096](<https://vulners.com/cve/CVE-2021-27096>)4.6Warning \n[CVE-2021-28330](<https://vulners.com/cve/CVE-2021-28330>)6.5High \n[CVE-2021-28338](<https://vulners.com/cve/CVE-2021-28338>)6.5High \n[CVE-2021-28329](<https://vulners.com/cve/CVE-2021-28329>)6.5High \n[CVE-2021-28332](<https://vulners.com/cve/CVE-2021-28332>)6.5High \n[CVE-2021-28309](<https://vulners.com/cve/CVE-2021-28309>)2.1Warning \n[CVE-2021-28342](<https://vulners.com/cve/CVE-2021-28342>)6.5High \n[CVE-2021-27095](<https://vulners.com/cve/CVE-2021-27095>)6.8High \n[CVE-2021-28334](<https://vulners.com/cve/CVE-2021-28334>)6.5High \n[CVE-2021-26413](<https://vulners.com/cve/CVE-2021-26413>)2.1Warning \n[CVE-2021-27089](<https://vulners.com/cve/CVE-2021-27089>)6.8High \n[CVE-2021-28358](<https://vulners.com/cve/CVE-2021-28358>)6.5High \n[CVE-2021-28336](<https://vulners.com/cve/CVE-2021-28336>)6.5High \n[CVE-2021-28440](<https://vulners.com/cve/CVE-2021-28440>)4.6Warning \n[CVE-2021-27091](<https://vulners.com/cve/CVE-2021-27091>)4.6Warning \n[CVE-2021-28350](<https://vulners.com/cve/CVE-2021-28350>)4.6Warning \n[CVE-2021-28335](<https://vulners.com/cve/CVE-2021-28335>)6.5High \n[CVE-2021-28352](<https://vulners.com/cve/CVE-2021-28352>)6.5High \n[CVE-2021-28340](<https://vulners.com/cve/CVE-2021-28340>)6.5High \n[CVE-2021-28318](<https://vulners.com/cve/CVE-2021-28318>)2.1Warning \n[CVE-2021-28446](<https://vulners.com/cve/CVE-2021-28446>)2.1Warning \n[CVE-2021-28331](<https://vulners.com/cve/CVE-2021-28331>)6.5High \n[CVE-2021-28356](<https://vulners.com/cve/CVE-2021-28356>)6.5High \n[CVE-2021-28328](<https://vulners.com/cve/CVE-2021-28328>)4.0Warning \n[CVE-2021-28349](<https://vulners.com/cve/CVE-2021-28349>)4.6Warning \n[CVE-2021-28439](<https://vulners.com/cve/CVE-2021-28439>)5.0Critical \n[CVE-2021-28315](<https://vulners.com/cve/CVE-2021-28315>)4.6Warning \n[CVE-2021-28344](<https://vulners.com/cve/CVE-2021-28344>)6.5High \n[CVE-2021-28355](<https://vulners.com/cve/CVE-2021-28355>)6.5High \n[CVE-2021-28339](<https://vulners.com/cve/CVE-2021-28339>)6.5High \n[CVE-2021-27093](<https://vulners.com/cve/CVE-2021-27093>)2.1Warning \n[CVE-2021-28317](<https://vulners.com/cve/CVE-2021-28317>)2.1Warning \n[CVE-2021-28345](<https://vulners.com/cve/CVE-2021-28345>)6.5High \n[CVE-2021-28333](<https://vulners.com/cve/CVE-2021-28333>)6.5High \n[CVE-2021-28323](<https://vulners.com/cve/CVE-2021-28323>)4.0Warning \n[CVE-2021-28434](<https://vulners.com/cve/CVE-2021-28434>)6.5High \n[CVE-2021-28437](<https://vulners.com/cve/CVE-2021-28437>)2.1Warning \n[CVE-2021-28316](<https://vulners.com/cve/CVE-2021-28316>)2.1Warning \n[CVE-2021-28341](<https://vulners.com/cve/CVE-2021-28341>)6.5High \n[CVE-2021-28337](<https://vulners.com/cve/CVE-2021-28337>)6.5High \n[CVE-2021-28357](<https://vulners.com/cve/CVE-2021-28357>)6.5High \n[CVE-2021-28445](<https://vulners.com/cve/CVE-2021-28445>)6.5High \n[CVE-2021-28346](<https://vulners.com/cve/CVE-2021-28346>)6.5High \n[CVE-2021-28327](<https://vulners.com/cve/CVE-2021-28327>)6.5High \n[CVE-2021-28353](<https://vulners.com/cve/CVE-2021-28353>)6.5High \n[CVE-2021-26415](<https://vulners.com/cve/CVE-2021-26415>)4.6Warning \n[CVE-2021-28443](<https://vulners.com/cve/CVE-2021-28443>)2.1Warning \n[CVE-2021-28348](<https://vulners.com/cve/CVE-2021-28348>)4.6Warning \n[CVE-2021-28354](<https://vulners.com/cve/CVE-2021-28354>)6.5High \n[CVE-2021-28343](<https://vulners.com/cve/CVE-2021-28343>)6.5High\n\n### *KB list*:\n[5001335](<http://support.microsoft.com/kb/5001335>) \n[5001389](<http://support.microsoft.com/kb/5001389>) \n[5001332](<http://support.microsoft.com/kb/5001332>) \n[5001392](<http://support.microsoft.com/kb/5001392>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T00:00:00", "type": "kaspersky", "title": "KLA12142 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26413", "CVE-2021-26415", "CVE-2021-27089", "CVE-2021-27091", "CVE-2021-27093", "CVE-2021-27095", "CVE-2021-27096", "CVE-2021-28309", "CVE-2021-28315", "CVE-2021-28316", "CVE-2021-28317", "CVE-2021-28318", "CVE-2021-28323", "CVE-2021-28327", "CVE-2021-28328", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28348", "CVE-2021-28349", "CVE-2021-28350", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434", "CVE-2021-28437", "CVE-2021-28439", "CVE-2021-28440", "CVE-2021-28443", "CVE-2021-28445", "CVE-2021-28446"], "modified": "2021-04-22T00:00:00", "id": "KLA12142", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12142/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T15:01:39", "description": "### *Detect date*:\n04/13/2021\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, gain privileges, execute arbitrary code, cause denial of service, spoof user interface.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server, version 1909 (Server Core installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 2004 for x64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 10 for x64-based Systems \nMicrosoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6) \nWindows Server 2012 R2 \nMicrosoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2019 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nVP9 Video Extensions \nWindows 8.1 for x64-based systems \nRaw Image Extension \nMicrosoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) \nWindows 10 Version 1909 for x64-based Systems \nMicrosoft Visual Studio 2015 Update 3 \nWindows Server 2016 \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 2004 for 32-bit Systems \nWindows Server 2019 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows RT 8.1 \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server, version 2004 (Server Core installation) \nWindows 8.1 for 32-bit systems \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server, version 20H2 (Server Core Installation) \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server 2012 \nWindows 10 Version 20H2 for x64-based Systems \nWindows Server 2016 (Server Core installation) \nWindows Server 2012 R2 (Server Core installation) \nMicrosoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) \nWindows 10 Version 20H2 for 32-bit Systems \nWindows 7 for 32-bit Systems Service Pack 1\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-28435](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28435>) \n[CVE-2021-28447](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28447>) \n[CVE-2021-27096](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27096>) \n[CVE-2021-28330](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28330>) \n[CVE-2021-28338](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28338>) \n[CVE-2021-27092](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27092>) \n[CVE-2021-28329](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28329>) \n[CVE-2021-28468](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28468>) \n[CVE-2021-28438](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28438>) \n[CVE-2021-26417](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-26417>) \n[CVE-2021-28332](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28332>) \n[CVE-2021-28309](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28309>) \n[CVE-2021-28342](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28342>) \n[CVE-2021-27095](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27095>) \n[CVE-2021-28334](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28334>) \n[CVE-2021-26413](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-26413>) \n[CVE-2021-27089](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27089>) \n[CVE-2021-27094](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27094>) \n[CVE-2021-28358](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28358>) \n[CVE-2021-28444](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28444>) \n[CVE-2021-28336](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28336>) \n[CVE-2021-28440](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28440>) \n[CVE-2021-27091](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27091>) \n[CVE-2021-28325](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28325>) \n[CVE-2021-28441](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28441>) \n[CVE-2021-28320](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28320>) \n[CVE-2021-28322](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28322>) \n[CVE-2021-28350](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28350>) \n[CVE-2021-28335](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28335>) \n[CVE-2021-28352](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28352>) \n[CVE-2021-27086](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27086>) \n[CVE-2021-27079](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27079>) \n[CVE-2021-28340](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28340>) \n[CVE-2021-28318](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28318>) \n[CVE-2021-28312](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28312>) \n[CVE-2021-28446](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28446>) \n[CVE-2021-27072](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27072>) \n[CVE-2021-28331](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28331>) \n[CVE-2021-27088](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27088>) \n[CVE-2021-28319](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28319>) \n[CVE-2021-28311](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28311>) \n[CVE-2021-28466](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28466>) \n[CVE-2021-28356](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28356>) \n[CVE-2021-28328](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28328>) \n[CVE-2021-28349](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28349>) \n[CVE-2021-28439](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28439>) \n[CVE-2021-28313](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28313>) \n[CVE-2021-28315](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28315>) \n[CVE-2021-28344](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28344>) \n[CVE-2021-27090](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27090>) \n[CVE-2021-28355](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28355>) \n[CVE-2021-28339](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28339>) \n[CVE-2021-28351](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28351>) \n[CVE-2021-28347](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28347>) \n[CVE-2021-27093](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27093>) \n[CVE-2021-28317](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28317>) \n[CVE-2021-28345](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28345>) \n[CVE-2021-28314](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28314>) \n[CVE-2021-28464](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28464>) \n[CVE-2021-28333](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28333>) \n[CVE-2021-28323](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28323>) \n[CVE-2021-28434](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28434>) \n[CVE-2021-28437](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28437>) \n[CVE-2021-26416](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-26416>) \n[CVE-2021-28316](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28316>) \n[CVE-2021-28341](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28341>) \n[CVE-2021-28321](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28321>) \n[CVE-2021-28436](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28436>) \n[CVE-2021-28337](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28337>) \n[CVE-2021-28357](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28357>) \n[CVE-2021-28310](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28310>) \n[CVE-2021-28324](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28324>) \n[CVE-2021-28326](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28326>) \n[CVE-2021-28445](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28445>) \n[CVE-2021-28346](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28346>) \n[CVE-2021-28327](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28327>) \n[CVE-2021-28353](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28353>) \n[CVE-2021-26415](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-26415>) \n[CVE-2021-28443](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28443>) \n[CVE-2021-28442](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28442>) \n[CVE-2021-28348](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28348>) \n[CVE-2021-28354](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28354>) \n[CVE-2021-28343](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-28343>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Visual Studio](<https://threats.kaspersky.com/en/product/Microsoft-Visual-Studio/>)\n\n### *CVE-IDS*:\n[CVE-2021-28435](<https://vulners.com/cve/CVE-2021-28435>)2.1Warning \n[CVE-2021-28447](<https://vulners.com/cve/CVE-2021-28447>)2.1Warning \n[CVE-2021-27096](<https://vulners.com/cve/CVE-2021-27096>)4.6Warning \n[CVE-2021-28330](<https://vulners.com/cve/CVE-2021-28330>)6.5High \n[CVE-2021-28338](<https://vulners.com/cve/CVE-2021-28338>)6.5High \n[CVE-2021-27092](<https://vulners.com/cve/CVE-2021-27092>)7.5Critical \n[CVE-2021-28329](<https://vulners.com/cve/CVE-2021-28329>)6.5High \n[CVE-2021-28468](<https://vulners.com/cve/CVE-2021-28468>)6.8High \n[CVE-2021-28438](<https://vulners.com/cve/CVE-2021-28438>)2.1Warning \n[CVE-2021-26417](<https://vulners.com/cve/CVE-2021-26417>)2.1Warning \n[CVE-2021-28332](<https://vulners.com/cve/CVE-2021-28332>)6.5High \n[CVE-2021-28309](<https://vulners.com/cve/CVE-2021-28309>)2.1Warning \n[CVE-2021-28342](<https://vulners.com/cve/CVE-2021-28342>)6.5High \n[CVE-2021-27095](<https://vulners.com/cve/CVE-2021-27095>)6.8High \n[CVE-2021-28334](<https://vulners.com/cve/CVE-2021-28334>)6.5High \n[CVE-2021-26413](<https://vulners.com/cve/CVE-2021-26413>)2.1Warning \n[CVE-2021-27089](<https://vulners.com/cve/CVE-2021-27089>)6.8High \n[CVE-2021-27094](<https://vulners.com/cve/CVE-2021-27094>)2.1Warning \n[CVE-2021-28358](<https://vulners.com/cve/CVE-2021-28358>)6.5High \n[CVE-2021-28444](<https://vulners.com/cve/CVE-2021-28444>)4.0Warning \n[CVE-2021-28336](<https://vulners.com/cve/CVE-2021-28336>)6.5High \n[CVE-2021-28440](<https://vulners.com/cve/CVE-2021-28440>)4.6Warning \n[CVE-2021-27091](<https://vulners.com/cve/CVE-2021-27091>)4.6Warning \n[CVE-2021-28325](<https://vulners.com/cve/CVE-2021-28325>)4.0Warning \n[CVE-2021-28441](<https://vulners.com/cve/CVE-2021-28441>)2.1Warning \n[CVE-2021-28320](<https://vulners.com/cve/CVE-2021-28320>)4.6Warning \n[CVE-2021-28322](<https://vulners.com/cve/CVE-2021-28322>)4.6Warning \n[CVE-2021-28350](<https://vulners.com/cve/CVE-2021-28350>)4.6Warning \n[CVE-2021-28335](<https://vulners.com/cve/CVE-2021-28335>)6.5High \n[CVE-2021-28352](<https://vulners.com/cve/CVE-2021-28352>)6.5High \n[CVE-2021-27086](<https://vulners.com/cve/CVE-2021-27086>)4.6Warning \n[CVE-2021-27079](<https://vulners.com/cve/CVE-2021-27079>)6.3High \n[CVE-2021-28340](<https://vulners.com/cve/CVE-2021-28340>)6.5High \n[CVE-2021-28318](<https://vulners.com/cve/CVE-2021-28318>)2.1Warning \n[CVE-2021-28312](<https://vulners.com/cve/CVE-2021-28312>)4.3Warning \n[CVE-2021-28446](<https://vulners.com/cve/CVE-2021-28446>)2.1Warning \n[CVE-2021-27072](<https://vulners.com/cve/CVE-2021-27072>)4.6Warning \n[CVE-2021-28331](<https://vulners.com/cve/CVE-2021-28331>)6.5High \n[CVE-2021-27088](<https://vulners.com/cve/CVE-2021-27088>)4.6Warning \n[CVE-2021-28319](<https://vulners.com/cve/CVE-2021-28319>)5.0Critical \n[CVE-2021-28311](<https://vulners.com/cve/CVE-2021-28311>)4.3Warning \n[CVE-2021-28466](<https://vulners.com/cve/CVE-2021-28466>)6.8High \n[CVE-2021-28356](<https://vulners.com/cve/CVE-2021-28356>)6.5High \n[CVE-2021-28328](<https://vulners.com/cve/CVE-2021-28328>)4.0Warning \n[CVE-2021-28349](<https://vulners.com/cve/CVE-2021-28349>)4.6Warning \n[CVE-2021-28439](<https://vulners.com/cve/CVE-2021-28439>)5.0Critical \n[CVE-2021-28313](<https://vulners.com/cve/CVE-2021-28313>)4.6Warning \n[CVE-2021-28315](<https://vulners.com/cve/CVE-2021-28315>)4.6Warning \n[CVE-2021-28344](<https://vulners.com/cve/CVE-2021-28344>)6.5High \n[CVE-2021-27090](<https://vulners.com/cve/CVE-2021-27090>)4.6Warning \n[CVE-2021-28355](<https://vulners.com/cve/CVE-2021-28355>)6.5High \n[CVE-2021-28339](<https://vulners.com/cve/CVE-2021-28339>)6.5High \n[CVE-2021-28351](<https://vulners.com/cve/CVE-2021-28351>)4.6Warning \n[CVE-2021-28347](<https://vulners.com/cve/CVE-2021-28347>)4.6Warning \n[CVE-2021-27093](<https://vulners.com/cve/CVE-2021-27093>)2.1Warning \n[CVE-2021-28317](<https://vulners.com/cve/CVE-2021-28317>)2.1Warning \n[CVE-2021-28345](<https://vulners.com/cve/CVE-2021-28345>)6.5High \n[CVE-2021-28314](<https://vulners.com/cve/CVE-2021-28314>)4.6Warning \n[CVE-2021-28464](<https://vulners.com/cve/CVE-2021-28464>)6.8High \n[CVE-2021-28333](<https://vulners.com/cve/CVE-2021-28333>)6.5High \n[CVE-2021-28323](<https://vulners.com/cve/CVE-2021-28323>)4.0Warning \n[CVE-2021-28434](<https://vulners.com/cve/CVE-2021-28434>)6.5High \n[CVE-2021-28437](<https://vulners.com/cve/CVE-2021-28437>)2.1Warning \n[CVE-2021-26416](<https://vulners.com/cve/CVE-2021-26416>)7.8Critical \n[CVE-2021-28316](<https://vulners.com/cve/CVE-2021-28316>)2.1Warning \n[CVE-2021-28341](<https://vulners.com/cve/CVE-2021-28341>)6.5High \n[CVE-2021-28321](<https://vulners.com/cve/CVE-2021-28321>)4.6Warning \n[CVE-2021-28436](<https://vulners.com/cve/CVE-2021-28436>)4.6Warning \n[CVE-2021-28337](<https://vulners.com/cve/CVE-2021-28337>)6.5High \n[CVE-2021-28357](<https://vulners.com/cve/CVE-2021-28357>)6.5High \n[CVE-2021-28310](<https://vulners.com/cve/CVE-2021-28310>)4.6Warning \n[CVE-2021-28324](<https://vulners.com/cve/CVE-2021-28324>)5.0Critical \n[CVE-2021-28326](<https://vulners.com/cve/CVE-2021-28326>)3.6Warning \n[CVE-2021-28445](<https://vulners.com/cve/CVE-2021-28445>)6.5High \n[CVE-2021-28346](<https://vulners.com/cve/CVE-2021-28346>)6.5High \n[CVE-2021-28327](<https://vulners.com/cve/CVE-2021-28327>)6.5High \n[CVE-2021-28353](<https://vulners.com/cve/CVE-2021-28353>)6.5High \n[CVE-2021-26415](<https://vulners.com/cve/CVE-2021-26415>)4.6Warning \n[CVE-2021-28443](<https://vulners.com/cve/CVE-2021-28443>)2.1Warning \n[CVE-2021-28442](<https://vulners.com/cve/CVE-2021-28442>)4.0Warning \n[CVE-2021-28348](<https://vulners.com/cve/CVE-2021-28348>)4.6Warning \n[CVE-2021-28354](<https://vulners.com/cve/CVE-2021-28354>)6.5High \n[CVE-2021-28343](<https://vulners.com/cve/CVE-2021-28343>)6.5High\n\n### *KB list*:\n[5001347](<http://support.microsoft.com/kb/5001347>) \n[5001330](<http://support.microsoft.com/kb/5001330>) \n[5001337](<http://support.microsoft.com/kb/5001337>) \n[5001383](<http://support.microsoft.com/kb/5001383>) \n[5001387](<http://support.microsoft.com/kb/5001387>) \n[5001393](<http://support.microsoft.com/kb/5001393>) \n[5001342](<http://support.microsoft.com/kb/5001342>) \n[5001382](<http://support.microsoft.com/kb/5001382>) \n[5001339](<http://support.microsoft.com/kb/5001339>) \n[5001340](<http://support.microsoft.com/kb/5001340>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T00:00:00", "type": "kaspersky", "title": "KLA12139 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26413", "CVE-2021-26415", "CVE-2021-26416", "CVE-2021-26417", "CVE-2021-27072", "CVE-2021-27079", "CVE-2021-27086", "CVE-2021-27088", "CVE-2021-27089", "CVE-2021-27090", "CVE-2021-27091", "CVE-2021-27092", "CVE-2021-27093", "CVE-2021-27094", "CVE-2021-27095", "CVE-2021-27096", "CVE-2021-28309", "CVE-2021-28310", "CVE-2021-28311", "CVE-2021-28312", "CVE-2021-28313", "CVE-2021-28314", "CVE-2021-28315", "CVE-2021-28316", "CVE-2021-28317", "CVE-2021-28318", "CVE-2021-28319", "CVE-2021-28320", "CVE-2021-28321", "CVE-2021-28322", "CVE-2021-28323", "CVE-2021-28324", "CVE-2021-28325", "CVE-2021-28326", "CVE-2021-28327", "CVE-2021-28328", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28347", "CVE-2021-28348", "CVE-2021-28349", "CVE-2021-28350", "CVE-2021-28351", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434", "CVE-2021-28435", "CVE-2021-28436", "CVE-2021-28437", "CVE-2021-28438", "CVE-2021-28439", "CVE-2021-28440", "CVE-2021-28441", "CVE-2021-28442", "CVE-2021-28443", "CVE-2021-28444", "CVE-2021-28445", "CVE-2021-28446", "CVE-2021-28447", "CVE-2021-28464", "CVE-2021-28466", "CVE-2021-28468"], "modified": "2021-04-22T00:00:00", "id": "KLA12139", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12139/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2023-05-27T14:35:18", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28329", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-19T21:10:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28329", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28329", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:18", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28331", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-19T20:01:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28331", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28331", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:19", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28334", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-19T19:17:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28334", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28334", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:19", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28339", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-19T18:45:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28339", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28339", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:20", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28342", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-19T18:32:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28342", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28342", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:20", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28343", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-19T18:32:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28343", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28343", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:22", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28352", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-16T20:53:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28352", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28352", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:23", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28344", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-19T18:32:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28344", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28344", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:23", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28346", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-16T20:44:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28346", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28346", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:18", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28332", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-19T20:01:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28332", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28332", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:19", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28335", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-19T19:25:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28335", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28335", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:23", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28357", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-16T20:37:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28357", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28357", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:22", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28353", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-16T21:08:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28353", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28353", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:22", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28355", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-16T21:08:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28355", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28355", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:22", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28354", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-16T21:08:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28354", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28354", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:22", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28356", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-16T20:36:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28356", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28356", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:20", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28341", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-19T18:44:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28341", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28341", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:23", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28327", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-19T21:10:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28327", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28327", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:27", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28434", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-16T20:27:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28434", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28434", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:19", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28336", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-19T19:25:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28336", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28336", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:21", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28345", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-19T18:31:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28345", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28345", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:23", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28358", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-16T20:26:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28358", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28358", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:18", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28330", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-19T20:00:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28330", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28330", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:18", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28333", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-19T20:00:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28333", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28333", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:19", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28340", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-19T18:45:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28340", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28340", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:20", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28337", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-19T19:25:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28337", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28337", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:20", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28338", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-19T18:46:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28338", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28338", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:21", "description": "Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28348, CVE-2021-28349.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28350", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28348", "CVE-2021-28349", "CVE-2021-28350"], "modified": "2021-04-20T13:43:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28350", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28350", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:23", "description": "Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28348, CVE-2021-28350.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28349", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28348", "CVE-2021-28349", "CVE-2021-28350"], "modified": "2021-04-20T13:59:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28349", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28349", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:21", "description": "Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28349, CVE-2021-28350.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28348", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28348", "CVE-2021-28349", "CVE-2021-28350"], "modified": "2021-04-20T13:59:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28348", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28348", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:21", "description": "Windows Speech Runtime Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28347, CVE-2021-28436.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28351", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28347", "CVE-2021-28351", "CVE-2021-28436"], "modified": "2022-05-03T16:04:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-28351", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28351", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:34", "description": "Windows Speech Runtime Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28347, CVE-2021-28351.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28436", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28347", "CVE-2021-28351", "CVE-2021-28436"], "modified": "2022-05-03T16:04:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-28436", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28436", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:21", "description": "Windows Speech Runtime Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28351, CVE-2021-28436.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28347", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28347", "CVE-2021-28351", "CVE-2021-28436"], "modified": "2022-05-03T16:04:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-28347", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28347", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:16", "description": "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28313, CVE-2021-28321.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28322", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28313", "CVE-2021-28321", "CVE-2021-28322"], "modified": "2021-04-22T13:03:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/a:microsoft:visual_studio_2019:16.7", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/a:microsoft:visual_studio_2019:16.9", "cpe:/o:microsoft:windows_10:2004", "cpe:/a:microsoft:visual_studio_2017:15.9", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/a:microsoft:visual_studio:2015"], "id": "CVE-2021-28322", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28322", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio_2019:16.7:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:16", "description": "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28313, CVE-2021-28322.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28321", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28313", "CVE-2021-28321", "CVE-2021-28322"], "modified": "2022-05-03T16:04:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/a:microsoft:visual_studio_2019:16.7", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/a:microsoft:visual_studio_2019:16.9", "cpe:/o:microsoft:windows_10:2004", "cpe:/a:microsoft:visual_studio_2017:15.9", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/a:microsoft:visual_studio:2015"], "id": "CVE-2021-28321", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28321", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio_2019:16.7:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:15", "description": "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28321, CVE-2021-28322.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28313", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28313", "CVE-2021-28321", "CVE-2021-28322"], "modified": "2021-04-22T13:03:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/a:microsoft:visual_studio_2019:16.7", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/a:microsoft:visual_studio_2019:16.9", "cpe:/o:microsoft:windows_10:2004", "cpe:/a:microsoft:visual_studio_2017:15.9", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/a:microsoft:visual_studio:2015"], "id": "CVE-2021-28313", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28313", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio_2019:16.7:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:32:55", "description": "Windows Media Video Decoder Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28315.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-27095", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27095", "CVE-2021-28315"], "modified": "2021-04-16T19:41:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-27095", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27095", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:15", "description": "Windows Media Video Decoder Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-27095.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28315", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27095", "CVE-2021-28315"], "modified": "2021-04-15T21:06:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28315", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28315", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:32:55", "description": "Windows Kernel Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28309.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-27093", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27093", "CVE-2021-28309"], "modified": "2022-06-28T14:11:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-27093", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27093", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:16", "description": "Windows Kernel Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-27093.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28309", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27093", "CVE-2021-28309"], "modified": "2022-06-28T14:11:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28309", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28309", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:14", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-27072.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28310", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27072", "CVE-2021-28310"], "modified": "2022-05-03T16:04:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-28310", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28310", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:32:52", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28310.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-27072", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27072", "CVE-2021-28310"], "modified": "2022-05-03T16:04:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2"], "id": "CVE-2021-27072", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27072", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:29", "description": "Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-27094.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28447", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27094", "CVE-2021-28447"], "modified": "2021-09-14T17:05:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2"], "id": "CVE-2021-28447", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28447", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:32:55", "description": "Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-28447.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-27094", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27094", "CVE-2021-28447"], "modified": "2021-09-14T17:05:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2"], "id": "CVE-2021-27094", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27094", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:28", "description": "Windows Console Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28443.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28438", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28438", "CVE-2021-28443"], "modified": "2021-04-20T18:51:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-28438", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28438", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:29", "description": "Windows Console Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28438.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28443", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28438", "CVE-2021-28443"], "modified": "2021-04-20T19:33:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28443", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28443", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:29", "description": "Windows Installer Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26415.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28440", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26415", "CVE-2021-28440"], "modified": "2022-05-03T16:04:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28440", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28440", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:31:45", "description": "Windows Installer Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28440.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-26415", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26415", "CVE-2021-28440"], "modified": "2022-05-03T16:04:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-26415", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26415", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:28", "description": "Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28319.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28439", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28319", "CVE-2021-28439"], "modified": "2021-04-20T18:54:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2"], "id": "CVE-2021-28439", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28439", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:16", "description": "Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28439.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28319", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28319", "CVE-2021-28439"], "modified": "2021-04-15T20:57:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-28319", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28319", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:17", "description": "Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28323.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28328", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28323", "CVE-2021-28328"], "modified": "2021-04-20T12:53:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28328", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28328", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:16", "description": "Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28328.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28323", "cwe": ["CWE-178"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28323", "CVE-2021-28328"], "modified": "2022-06-28T14:11:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28323", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28323", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:32:55", "description": "Windows Services and Controller App Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-27086", "cwe": ["CWE-863"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27086"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-27086", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27086", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:32:55", "description": "Windows Event Tracing Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-27088", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27088"], "modified": "2022-05-03T16:04:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-27088", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27088", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:32:55", "description": "Azure AD Web Sign-in Security Feature Bypass Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-27092", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27092"], "modified": "2021-04-16T20:24:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-27092", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27092", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:32:53", "description": "Windows Media Photo Codec Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-27079", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.3, "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27079"], "modified": "2022-06-28T14:11:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-27079", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27079", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:29", "description": "Windows Hyper-V Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28441", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28441"], "modified": "2021-04-21T01:05:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-28441", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28441", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:17", "description": "Windows AppX Deployment Server Denial of Service Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28326", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28326"], "modified": "2021-06-04T18:49:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-28326", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28326", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:31:45", "description": "Windows Hyper-V Denial of Service Vulnerability", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-26416", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26416"], "modified": "2021-04-16T20:09:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-26416", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26416", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:32:55", "description": "Microsoft Internet Messaging API Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-27089", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27089"], "modified": "2021-04-15T18:34:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-27089", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27089", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:32:56", "description": "NTFS Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-27096", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27096"], "modified": "2022-05-03T16:04:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2"], "id": "CVE-2021-27096", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27096", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:29", "description": "Windows Hyper-V Security Feature Bypass Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28444", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28444"], "modified": "2021-04-21T01:09:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2012:r2"], "id": "CVE-2021-28444", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28444", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:30", "description": "Windows Network File System Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28445", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28445"], "modified": "2021-04-21T01:21:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:-"], "id": "CVE-2021-28445", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28445", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:16", "description": "Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.6, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28316", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28316"], "modified": "2021-04-15T20:47:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2"], "id": "CVE-2021-28316", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28316", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:27", "description": "Windows Event Tracing Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28435", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28435"], "modified": "2021-04-16T21:07:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2"], "id": "CVE-2021-28435", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28435", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:14", "description": "Windows Hyper-V Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28314", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28314"], "modified": "2022-05-03T16:04:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-28314", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28314", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:18", "description": "Microsoft Windows Codecs Library Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28317", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28317"], "modified": "2022-06-28T14:11:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28317", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28317", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:29", "description": "Windows Portmapping Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28446", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28446"], "modified": "2021-04-20T19:44:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28446", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28446", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:14", "description": "Windows NTFS Denial of Service Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28312", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28312"], "modified": "2021-04-16T14:45:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-28312", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28312", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:29", "description": "Windows TCP/IP Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28442", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28442"], "modified": "2021-04-20T19:26:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-28442", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28442", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:30", "description": "Windows Installer Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28437", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28437"], "modified": "2021-04-19T15:10:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28437", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28437", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:31:45", "description": "Windows Overlay Filter Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-26417", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26417"], "modified": "2022-06-28T14:11:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-26417", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26417", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:16", "description": "Windows GDI+ Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28318", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28318"], "modified": "2022-06-28T14:11:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-28318", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28318", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:31:43", "description": "Windows Installer Spoofing Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-26413", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26413"], "modified": "2021-04-20T02:57:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:sp2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2"], "id": "CVE-2021-26413", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26413", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:14", "description": "Windows Application Compatibility Cache Denial of Service Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28311", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28311"], "modified": "2021-04-16T14:51:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-28311", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28311", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:35:16", "description": "Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T20:15:00", "type": "cve", "title": "CVE-2021-28320", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28320"], "modified": "2022-05-03T16:04:00", "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-28320", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28320", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}], "mscve": [{"lastseen": "2023-05-27T14:47:14", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28357", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28357", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:15", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28355", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28355", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:15", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28352", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28352", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:17", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28343", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28343", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:17", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28340", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28340", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:17", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28345", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28345", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:17", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28344", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28344", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:19", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28330", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28330", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:15", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28354", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28354", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:17", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28341", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28341", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:18", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28333", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28333", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:14", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28358", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28358", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:17", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28339", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28339", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:17", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28342", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28342", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:17", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28338", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28338", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:18", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28337", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28337", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:16", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28346", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28346", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:18", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28336", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28336", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:19", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28329", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28329", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:14", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28434", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28434", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:15", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28353", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28353", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:14", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28356", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28356", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:18", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28334", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28334", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:18", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28335", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28335", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:18", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28332", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28332", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:18", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28331", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28331", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:19", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Remote Procedure Call Runtime Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28327", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28327", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:15", "description": "Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28348, CVE-2021-28349.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows GDI+ Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28348", "CVE-2021-28349", "CVE-2021-28350"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28350", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28350", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:15", "description": "Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28348, CVE-2021-28350.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows GDI+ Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28348", "CVE-2021-28349", "CVE-2021-28350"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28349", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28349", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:16", "description": "Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28349, CVE-2021-28350.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows GDI+ Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28348", "CVE-2021-28349", "CVE-2021-28350"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28348", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28348", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:15", "description": "Windows Speech Runtime Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28347, CVE-2021-28436.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Speech Runtime Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28347", "CVE-2021-28351", "CVE-2021-28436"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28351", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28351", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:16", "description": "Windows Speech Runtime Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28351, CVE-2021-28436.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Speech Runtime Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28347", "CVE-2021-28351", "CVE-2021-28436"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28347", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28347", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:14", "description": "Windows Speech Runtime Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28347, CVE-2021-28351.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Speech Runtime Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28347", "CVE-2021-28351", "CVE-2021-28436"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28436", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28436", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:22", "description": "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28321, CVE-2021-28322.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28313", "CVE-2021-28321", "CVE-2021-28322"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28313", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28313", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:20", "description": "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28313, CVE-2021-28321.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28313", "CVE-2021-28321", "CVE-2021-28322"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28322", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28322", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:21", "description": "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28313, CVE-2021-28322.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28313", "CVE-2021-28321", "CVE-2021-28322"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28321", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28321", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:22", "description": "Windows Media Video Decoder Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-27095.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Media Video Decoder Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27095", "CVE-2021-28315"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28315", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28315", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:23", "description": "Windows Media Video Decoder Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28315.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Media Video Decoder Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27095", "CVE-2021-28315"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-27095", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27095", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:23", "description": "Windows Kernel Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-27093.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27093", "CVE-2021-28309"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28309", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28309", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T14:47:24", "description": "Windows Kernel Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28309.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27093", "CVE-2021-28309"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-27093", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27093", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T14:47:23", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-27072.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Win32k Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27072", "CVE-2021-28310"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28310", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28310", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:25", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28310.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Win32k Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27072", "CVE-2021-28310"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-27072", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27072", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:12", "description": "Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-27094.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27094", "CVE-2021-28447"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28447", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28447", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-05-27T14:47:24", "description": "Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-28447.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27094", "CVE-2021-28447"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-27094", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27094", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-05-27T14:47:13", "description": "Windows Console Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28443.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Console Driver Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28438", "CVE-2021-28443"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28438", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28438", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T14:47:12", "description": "Windows Console Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28438.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Console Driver Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28438", "CVE-2021-28443"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28443", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28443", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T14:47:13", "description": "Windows Installer Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26415.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Installer Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26415", "CVE-2021-28440"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28440", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28440", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:23", "description": "Windows Installer Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28440.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Installer Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26415", "CVE-2021-28440"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-26415", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26415", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:21", "description": "Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28439.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows TCP/IP Driver Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28319", "CVE-2021-28439"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28319", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28319", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T14:47:13", "description": "Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28319.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows TCP/IP Driver Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28319", "CVE-2021-28439"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28439", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28439", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T14:47:19", "description": "Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28323.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows DNS Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28323", "CVE-2021-28328"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28328", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28328", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T14:47:20", "description": "Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28328.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows DNS Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28323", "CVE-2021-28328"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28323", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28323", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T14:47:09", "description": "Windows Services and Controller App Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Services and Controller App Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27086"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-27086", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27086", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:24", "description": "Windows Event Tracing Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Event Tracing Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27088"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-27088", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27088", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:24", "description": "Azure AD Web Sign-in Security Feature Bypass Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Azure AD Web Sign-in Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27092"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-27092", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27092", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:24", "description": "Windows Media Photo Codec Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Media Photo Codec Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.3, "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27079"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-27079", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27079", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:N"}}, {"lastseen": "2023-05-27T14:47:13", "description": "Windows Hyper-V Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Hyper-V Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28441"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28441", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28441", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T14:47:23", "description": "Windows Hyper-V Denial of Service Vulnerability", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Hyper-V Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26416"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-26416", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26416", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-05-27T14:47:20", "description": "Windows AppX Deployment Server Denial of Service Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows AppX Deployment Server Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28326"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28326", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28326", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:24", "description": "Microsoft Internet Messaging API Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Microsoft Internet Messaging API Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27089"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-27089", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27089", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:23", "description": "NTFS Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "NTFS Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27096"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-27096", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27096", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:12", "description": "Windows Hyper-V Security Feature Bypass Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Hyper-V Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28444"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28444", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28444", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2023-05-27T14:47:12", "description": "Windows Network File System Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Network File System Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28445"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28445", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28445", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:22", "description": "Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.6, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28316"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28316", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28316", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T14:47:22", "description": "Windows Hyper-V Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Hyper-V Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28314"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28314", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28314", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:47:14", "description": "Windows Event Tracing Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Event Tracing Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28435"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28435", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28435", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T14:47:22", "description": "Microsoft Windows Codecs Library Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Microsoft Windows Codecs Library Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28317"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28317", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28317", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T14:47:22", "description": "Windows NTFS Denial of Service Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows NTFS Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28312"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28312", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28312", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T14:47:12", "description": "N/A\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Portmapping Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28446"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28446", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28446", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T14:47:13", "description": "Windows TCP/IP Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows TCP/IP Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28442"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28442", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28442", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T14:47:21", "description": "Windows GDI+ Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows GDI+ Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28318"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28318", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28318", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T14:47:14", "description": "Windows Installer Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Installer Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28437"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28437", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28437", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T14:47:23", "description": "Windows Overlay Filter Information Disclosure Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Overlay Filter Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26417"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-26417", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26417", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T14:47:23", "description": "Windows Installer Spoofing Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Installer Spoofing Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26413"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-26413", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26413", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-05-27T14:47:22", "description": "Windows Application Compatibility Cache Denial of Service Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Application Compatibility Cache Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28311"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28311", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28311", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T14:47:21", "description": "Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mscve", "title": "Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28320"], "modified": "2021-04-13T07:00:00", "id": "MS:CVE-2021-28320", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28320", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "alpinelinux": [{"lastseen": "2023-05-27T23:39:26", "description": "Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434.", "cvss3": {}, "published": "2023-05-27T23:38:15", "type": "alpinelinux", "title": "CVE-2021-28327", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-28327", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434"], "modified": "2023-05-27T23:38:15", "id": "ALPINE:CVE-2021-28327", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "rapid7blog": [{"lastseen": "2021-04-15T10:50:55", "description": "![Patch Tuesday - April 2021](https://blog.rapid7.com/content/images/2021/04/patches-2.jpg)\n\nPatch Tuesday is here again and there are more Exchange updates to apply! A total of 114 vulnerabilities were fixed this month with more than half of them affecting all versions of Windows, with about half of them being remote code execution bugs, and about a fifth of them being rated as critical by Microsoft. Let's dive in!\n\n## New Exchange Server Patches Available\n\nIf you were only going to patch one thing today, please let it be this. Exchange Server has been a hot topic since the vulnerabilities announced in the out-of-band advisory back at the beginning of March saw widespread exploitation. The vulnerabilities this month were reported to Microsoft via the NSA in the interest of national security. The Exchange team has [also released a very helpful blog post with instructions](<https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2021-exchange-server-security-updates/ba-p/2254617 >) on how to patch from any version to the latest secure version. While these have not been exploited in the wild at the time of writing it is only a matter of time before someone reverse engineers the patches and gets up to no good.\n\nCVEs: [CVE-2021-28310](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28310>), [CVE-2021-28481](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28481>), [CVE-2021-28482](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28482>), [CVE-2021-28483](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28483>)\n\n## Windows RPC Runtime\n\nNext up we have a relatively high number of patches in the Windows Remote Procedure Call Runtime. There were 27 remote code execution vulnerabilities fixed this month. Someone was busy finding bugs! The RPC Runtime is available on all versions of Windows so make sure both Servers and Clients get these updates. Many of these are critical (according to the CVSS3 vectors) requiring no user interaction and only network level access. \n\nCVEs: [CVE-2021-28329](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28329>) to [CVE-2021-28339](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28339>) (please see the list below for a complete list)\n\n## Publicly Disclosed and Exploited\n\nLastly, we have a few vulnerabilities that have been disclosed publicly and one observed in the wild. A few of these are low severity but we rarely see vulnerabilities leveraged by themselves these days. Many attackers have shifted to using exploit chains in order to turn a few low severity bugs into a more complete compromise. Microsoft has also rated a few information disclosure vulnerabilities as \"Exploitation More Likely\" in SMB Server and the TCP/IP stack.\n\nCVEs: [CVE-2021-27091](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27091>), [CVE-2021-28310](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28310>), [CVE-2021-28312](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28312>), [CVE-2021-28437](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28437>), [CVE-2021-28458](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28458>), [CVE-2021-28324](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28324>), [CVE-2021-28442](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28442>)\n\n## Summary Tables\n\nHere are this month's patched vulnerabilities split by the product family.\n\n## Azure Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-28458](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28458>) | Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability | No | Yes | 7.8 | No \n[CVE-2021-28460](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28460>) | Azure Sphere Unsigned Code Execution Vulnerability | No | No | 8.1 | Yes \n \n## Browser Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-21199](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21199>) | Chromium: CVE-2021-21199 Use Use after free in Aura | No | No | N/A | Yes \n[CVE-2021-21198](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21198>) | Chromium: CVE-2021-21198 Out of bounds read in IPC | No | No | N/A | Yes \n[CVE-2021-21197](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21197>) | Chromium: CVE-2021-21197 Heap buffer overflow in TabStrip | No | No | N/A | Yes \n[CVE-2021-21196](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21196>) | Chromium: CVE-2021-21196 Heap buffer overflow in TabStrip | No | No | N/A | Yes \n[CVE-2021-21195](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21195>) | Chromium: CVE-2021-21195 Use after free in V8 | No | No | N/A | Yes \n[CVE-2021-21194](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21194>) | Chromium: CVE-2021-21194 Use after free in screen capture | No | No | N/A | Yes \n \n## Developer Tools Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27064](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27064>) | Visual Studio Installer Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-28457](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28457>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-28469](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28469>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-28475](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28475>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-28473](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28473>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-28477](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28477>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7 | No \n[CVE-2021-28472](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28472>) | Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-28448](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28448>) | Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-28470](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28470>) | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-28471](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28471>) | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-27067](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27067>) | Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-28459](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28459>) | Azure DevOps Server Spoofing Vulnerability | No | No | 6.1 | No \n \n## Exchange Server Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-28480](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28480>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-28481](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28481>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-28483](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28483>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 9 | Yes \n[CVE-2021-28482](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28482>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n \nMicrosoft Office Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-28453](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28453>) | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-28450](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28450>) | Microsoft SharePoint Denial of Service Update | No | No | 5 | No \n[CVE-2021-28452](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28452>) | Microsoft Outlook Memory Corruption Vulnerability | No | No | 7.1 | Yes \n[CVE-2021-28449](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28449>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-28451](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28451>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-28454](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28454>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-28456](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28456>) | Microsoft Excel Information Disclosure Vulnerability | No | No | 5.5 | Yes \n \n## Windows Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-28442](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28442>) | Windows TCP/IP Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-28319](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28319>) | Windows TCP/IP Driver Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2021-28347](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28347>) | Windows Speech Runtime Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-28351](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28351>) | Windows Speech Runtime Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-28436](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28436>) | Windows Speech Runtime Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-27086](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27086>) | Windows Services and Controller App Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-27090](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27090>) | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-28324](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28324>) | Windows SMB Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-28325](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28325>) | Windows SMB Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-28320](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28320>) | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26417](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26417>) | Windows Overlay Filter Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-28312](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28312>) | Windows NTFS Denial of Service Vulnerability | No | Yes | 3.3 | No \n[CVE-2021-27079](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27079>) | Windows Media Photo Codec Information Disclosure Vulnerability | No | No | 5.7 | Yes \n[CVE-2021-28444](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28444>) | Windows Hyper-V Security Feature Bypass Vulnerability | No | No | 5.7 | Yes \n[CVE-2021-28441](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28441>) | Windows Hyper-V Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-28314](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28314>) | Windows Hyper-V Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-26416](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26416>) | Windows Hyper-V Denial of Service Vulnerability | No | No | 7.7 | Yes \n[CVE-2021-28435](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28435>) | Windows Event Tracing Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-27088](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27088>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-27094](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27094>) | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | No | No | 4.4 | No \n[CVE-2021-28447](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28447>) | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | No | No | 4.4 | No \n[CVE-2021-28438](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28438>) | Windows Console Driver Denial of Service Vulnerability | No | No | 5.5 | No \n[CVE-2021-28311](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28311>) | Windows Application Compatibility Cache Denial of Service Vulnerability | No | No | 6.5 | No \n[CVE-2021-28326](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28326>) | Windows AppX Deployment Server Denial of Service Vulnerability | No | No | 5.5 | No \n[CVE-2021-28310](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28310>) | Win32k Elevation of Privilege Vulnerability | Yes | No | 7.8 | No \n[CVE-2021-27072](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27072>) | Win32k Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-28464](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28464>) | VP9 Video Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-28466](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28466>) | Raw Image Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-28468](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28468>) | Raw Image Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27092](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27092>) | Azure AD Web Sign-in Security Feature Bypass Vulnerability | No | No | 6.8 | No \n \n## Windows Developer Tools Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-28313](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28313>) | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-28321](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28321>) | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-28322](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28322>) | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n \n## Windows ESU Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-28316](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28316>) | Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability | No | No | 4.2 | No \n[CVE-2021-28439](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28439>) | Windows TCP/IP Driver Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2021-28446](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28446>) | Windows Portmapping Information Disclosure Vulnerability | No | No | 7.1 | Yes \n[CVE-2021-28445](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28445>) | Windows Network File System Remote Code Execution Vulnerability | No | No | 8.1 | No \n[CVE-2021-27095](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27095>) | Windows Media Video Decoder Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-28315](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28315>) | Windows Media Video Decoder Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-27093](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27093>) | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-28309](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28309>) | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-26413](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26413>) | Windows Installer Spoofing Vulnerability | No | No | 6.2 | No \n[CVE-2021-28437](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28437>) | Windows Installer Information Disclosure Vulnerability | No | Yes | 5.5 | Yes \n[CVE-2021-26415](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26415>) | Windows Installer Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-28440](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28440>) | Windows Installer Elevation of Privilege Vulnerability | No | No | 7 | No \n[CVE-2021-28348](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28348>) | Windows GDI+ Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-28349](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28349>) | Windows GDI+ Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-28350](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28350>) | Windows GDI+ Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-28318](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28318>) | Windows GDI+ Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-28323](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28323>) | Windows DNS Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-28328](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28328>) | Windows DNS Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-28443](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28443>) | Windows Console Driver Denial of Service Vulnerability | No | No | 5.5 | No \n[CVE-2021-28329](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28329>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28330](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28330>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28331](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28331>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28332](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28332>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28333](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28333>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28334](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28334>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28335](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28335>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28336](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28336>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28337](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28337>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28338](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28338>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28339](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28339>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28343](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28343>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28327](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28327>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28340](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28340>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28341](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28341>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28342](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28342>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28344](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28344>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28345](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28345>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28346](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28346>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28352](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28352>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28353](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28353>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28354](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28354>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28355](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28355>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28356](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28356>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28357](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28357>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28358](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28358>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-28434](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28434>) | Remote Procedure Call Runtime Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-27091](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27091>) | RPC Endpoint Mapper Service Elevation of Privilege Vulnerability | No | Yes | 7.8 | No \n[CVE-2021-27096](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27096>) | NTFS Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-28317](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28317>) | Microsoft Windows Codecs Library Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-27089](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27089>) | Microsoft Internet Messaging API Remote Code Execution Vulnerability | No | No | 7.8 | No \n \n## Summary Graphs\n\n![Patch Tuesday - April 2021](https://blog.rapid7.com/content/images/2021/04/output_18_2.png)![Patch Tuesday - April 2021](https://blog.rapid7.com/content/images/2021/04/output_20_2.png)![Patch Tuesday - April 2021](https://blog.rapid7.com/content/images/2021/04/output_26_1.png)![Patch Tuesday - April 2021](https://blog.rapid7.com/content/images/2021/04/output_25_1.png)", "cvss3": {}, "published": "2021-04-13T17:37:00", "type": "rapid7blog", "title": "Patch Tuesday - April 2021", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-21194", "CVE-2021-21195", "CVE-2021-21196", "CVE-2021-21197", "CVE-2021-21198", "CVE-2021-21199", "CVE-2021-26413", "CVE-2021-26415", "CVE-2021-26416", "CVE-2021-26417", "CVE-2021-27064", "CVE-2021-27067", "CVE-2021-27072", "CVE-2021-27079", "CVE-2021-27086", "CVE-2021-27088", "CVE-2021-27089", "CVE-2021-27090", "CVE-2021-27091", "CVE-2021-27092", "CVE-2021-27093", "CVE-2021-27094", "CVE-2021-27095", "CVE-2021-27096", "CVE-2021-28309", "CVE-2021-28310", "CVE-2021-28311", "CVE-2021-28312", "CVE-2021-28313", "CVE-2021-28314", "CVE-2021-28315", "CVE-2021-28316", "CVE-2021-28317", "CVE-2021-28318", "CVE-2021-28319", "CVE-2021-28320", "CVE-2021-28321", "CVE-2021-28322", "CVE-2021-28323", "CVE-2021-28324", "CVE-2021-28325", "CVE-2021-28326", "CVE-2021-28327", "CVE-2021-28328", "CVE-2021-28329", "CVE-2021-28330", "CVE-2021-28331", "CVE-2021-28332", "CVE-2021-28333", "CVE-2021-28334", "CVE-2021-28335", "CVE-2021-28336", "CVE-2021-28337", "CVE-2021-28338", "CVE-2021-28339", "CVE-2021-28340", "CVE-2021-28341", "CVE-2021-28342", "CVE-2021-28343", "CVE-2021-28344", "CVE-2021-28345", "CVE-2021-28346", "CVE-2021-28347", "CVE-2021-28348", "CVE-2021-28349", "CVE-2021-28350", "CVE-2021-28351", "CVE-2021-28352", "CVE-2021-28353", "CVE-2021-28354", "CVE-2021-28355", "CVE-2021-28356", "CVE-2021-28357", "CVE-2021-28358", "CVE-2021-28434", "CVE-2021-28435", "CVE-2021-28436", "CVE-2021-28437", "CVE-2021-28438", "CVE-2021-28439", "CVE-2021-28440", "CVE-2021-28441", "CVE-2021-28442", "CVE-2021-28443", "CVE-2021-28444", "CVE-2021-28445", "CVE-2021-28446", "CVE-2021-28447", "CVE-2021-28448", "CVE-2021-28449", "CVE-2021-28450", "CVE-2021-28451", "CVE-2021-28452", "CVE-2021-28453", "CVE-2021-28454", "CVE-2021-28456", "CVE-2021-28457", "CVE-2021-28458", "CVE-2021-28459", "CVE-2021-28460", "CVE-2021-28464", "CVE-2021-28466", "CVE-2021-28468", "CVE-2021-28469", "CVE-2021-28470", "CVE-2021-28471", "CVE-2021-28472", "CVE-2021-28473", "CVE-2021-28475", "CVE-2021-28477", "CVE-2021-28480", "CVE-2021-28481", "CVE-2021-28482", "CVE-2021-28483"], "modified": "2021-04-13T17:37:00", "id": "RAPID7BLOG:452CCDC1AEFFF7056148871E86A6FE26", "href": "https://blog.rapid7.com/2021/04/13/patch-tuesday-april-2021/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2023-05-19T10:46:18", "description": "None\n**Applies to:** All Visual Studio 2015 Update 3 editions except Build Tools\n\n## Summary\n\nAn elevation of privilege vulnerability exists if the Diagnostics Hub Standard Collector incorrectly handles data operations.To learn more about this vulnerability, see [CVE-2021-28313](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-28313>), [CVE-2021-28321](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-28321>), and [CVE-2021-28322](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-28322>).\n\n## How to obtain and install the update\n\n### Visual Studio 2015 Update 3\n\n#### Method 1: Microsoft Download\n\nThe following file is available for download:![Download ](https://support.content.office.net/en-us/media/dea9ad89-e39c-09ee-0d36-67beddb48e26.png)[Download the hotfix package now](<https://aka.ms/vs/14/release/5001292>).\n\n#### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=5001292>) website. \n\n### Remote Tools for Visual Studio 2015 Update 3\n\nTo download the updated Remote Tools for Visual Studio 2015 Update 3, go to the following Microsoft webpage:![Download ](https://support.content.office.net/en-us/media/dea9ad89-e39c-09ee-0d36-67beddb48e26.png)[Remote Tools for Visual Studio 2015 Update 3](<https://my.visualstudio.com/Downloads?q=visual%20studio%202015%20update%203%20remote%20tools&pgroup>)\n\n## More information\n\n### Prerequisites\n\nTo apply this security update, you must have both [Visual Studio 2015 Update 3](<https://aka.ms/vs/14/docs/2015_Update3>) and the subsequent [Cumulative Servicing Release KB 3165756](<https://aka.ms/vs/14/release/3165756>) installed. Typically, KB 3165756 is installed automatically when you install Visual Studio 2015 Update 3. However, in some cases, you have to install the two packages separately.\n\n### Restart requirement\n\nWe recommend that you close Visual Studio 2015 before you install this security update. Otherwise, you may have to restart the computer after you apply this security update if a file that is being updated is open or in use by Visual Studio.\n\n### Security update replacement information\n\nThis security update supersedes [KB4584787](<https://support.microsoft.com/help/4584787>).\n\n### File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nvs14-kb5001292.exe| 278BF1C5CE8CAEFDA868C371B73B33C4DDA86201| 547F7A60365FBF872344E20CFB41AE3D640C50F2D92375051347019B9DB5D995 \n \n## Installation verification\n\nTo verify that this security update is applied correctly, follow these steps:\n\n 1. Open the Visual Studio 2015 program folder.\n 2. Locate the DiagnosticsHub.StandardCollector.Runtime.dll file.\n 3. Verify that the file version is equal to or greater than **14.0.27549****.0**.\n\n## Information about protection, security, and support\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n * Obtain localized support per your country: [International Support](<https://www.microsoft.com/en-us/locale.aspx>)\n * Get more information about the Visual Studio support policy: [Visual Studio Product Lifecycle and Servicing](<https://www.visualstudio.com/productinfo/vs-servicing-vs>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mskb", "title": "Description of the security update for the elevation of privilege vulnerability in Microsoft Visual Studio 2015 Update 3: April 13, 2021 (KB5001292)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28313", "CVE-2021-28321", "CVE-2021-28322"], "modified": "2021-04-13T07:00:00", "id": "KB5001292", "href": "https://support.microsoft.com/en-us/help/5001292", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:46:21", "description": "None\n**NEW 4/13/21 \nIMPORTANT **Windows 10, version 1809 will reach end of service on May 11, 2021 for devices running the Enterprise, Education, and IoT Enterprise editions. After May 11, 2021, these devices will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.We will continue to service the following editions: Enterprise G, HoloLens, and the LTSC editions for Client, Server, and IoT.\n\n**2/16/21** \n**IMPORTANT **As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall KB4577586. For more details about Microsoft\u2019s plans, see [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support>).\n\n**11/17/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 1809 update history home page.\n\n**Note **This release also contains updates for Microsoft HoloLens (OS Build 17763.1879) released April 13, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\n## Highlights\n\n * Updates to improve security when Windows performs basic operations.\n * Updates to improve security when using input devices such as a mouse, keyboard, or pen.\n\n## Improvements and fixes\n\n * Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, \u201cKRB_GENERIC_ERROR\u201d, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.\n * Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the [RemoteFX vGPU](<https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploy-graphics-devices-using-remotefx-vgpu>) feature. For more information about the vulnerability and its removal, see [CVE-2020-1036](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1036>) and [KB4570006](<https://support.microsoft.com/en-us/topic/update-to-disable-and-remove-the-remotefx-vgpu-component-in-windows-bbdf1531-7188-2bf4-0de6-641de79f09d2>). Secure vGPU alternatives are available using [Discrete Device Assignment (DDA)](<https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploying-graphics-devices-using-dda>) in Windows Server LTSC releases (Windows Server 2016 and Windows Server 2019) and Windows Server SAC releases (Windows Server, version 1803 and later versions).\n * Addresses a potential elevation of privilege vulnerability in the way Azure Active Directory web sign-in allows arbitrary browsing from the third-party endpoints used for federated authentication. For more information, see [CVE-2021-27092](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27092>) and [Policy CSP - Authentication](<https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin>).\n * Addresses an issue that causes Windows Back up using File History to stop working for a few users. This issue occurs after installing the February 9, 2021 update. The error message is, \u201cFailed to start the backup of user links (error 8007005)\u201d.\n * Security updates to Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, the Windows AI Platform, Windows Hybrid Cloud Networking, the Windows Kernel, Windows Virtualization, and Windows Media.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing KB4493509, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"| \n\n 1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.\n 2. Select **Check for Updates** and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.\n**Note** If reinstalling the language pack does not mitigate the issue, reset your PC as follows:\n\n 1. Go to the **Settings **app > **Recovery**.\n 2. Select **Get Started** under the **Reset this PC** recovery option.\n 3. Select **Keep my Files**.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing this update, the Cluster Service might fail to start because a Cluster Network Driver is not found.| This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. \nFor more information about the specific errors, cause, and workaround for this issue, please see KB5003571. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB5001404) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5001342>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5001342](<https://download.microsoft.com/download/4/c/2/4c2f5eb9-b102-4c92-a81a-90c58b1eb485/5001342.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mskb", "title": "April 13, 2021\u2014KB5001342 (OS Build 17763.1879)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1036", "CVE-2020-17049", "CVE-2021-27092", "CVE-2021-28318"], "modified": "2021-04-13T07:00:00", "id": "KB5001342", "href": "https://support.microsoft.com/en-us/help/5001342", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-19T10:46:18", "description": "None\n**NEW 4/13/21 \nREMINDER **Microsoft removed the Microsoft Edge Legacy desktop application that is out of support in March 2021. In this April 13, 2021 release, we will install the new Microsoft Edge. For more information, see [New Microsoft Edge to replace Microsoft Edge Legacy with April\u2019s Windows 10 Update Tuesday release](<https://aka.ms/EdgeLegacyEOS>).\n\n**2/24/21** \n**IMPORTANT **As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall KB4577586. For more details about Microsoft\u2019s plans, see [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support>).\n\n**11/17/20**For information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 2004 update history [home page](<https://support.microsoft.com/en-us/help/4555932>).**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n## Highlights\n\n * Updates to improve security when Windows performs basic operations.\n * Updates to improve security when using input devices such as a mouse, keyboard, or pen.\n\n## Improvements and fixes\n\n**Note **To view the list of addressed issues, click or tap the OS name to expand the collapsible section.\n\n### \n\n__\n\nWindows 10 servicing stack update - 19041.925 and 19042.925 \n\n * This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n### \n\n__\n\nWindows 10, version 20H2\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 2004\n\n**Note: **This release also contains updates for Microsoft HoloLens (OS Build 19041.1144) released April 13, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, \u201cKRB_GENERIC_ERROR\u201d, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.\n * Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the [RemoteFX vGPU](<https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploy-graphics-devices-using-remotefx-vgpu>) feature. For more information about the vulnerability and its removal, see [CVE-2020-1036](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1036>) and [KB4570006](<https://support.microsoft.com/en-us/topic/update-to-disable-and-remove-the-remotefx-vgpu-component-in-windows-bbdf1531-7188-2bf4-0de6-641de79f09d2>). Secure vGPU alternatives are available using [Discrete Device Assignment (DDA)](<https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploying-graphics-devices-using-dda>) in Windows Server LTSC releases (Windows Server 2016 and Windows Server 2019) and Windows Server SAC releases (Windows Server, version 1803 and later versions).\n * Addresses a potential elevation of privilege vulnerability in the way Azure Active Directory web sign-in allows arbitrary browsing from the third-party endpoints used for federated authentication. For more information, see [CVE-2021-27092](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27092>) and [Policy CSP - Authentication](<https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin>).\n * Addresses an issue that causes Windows Back up using File History to stop working for a few users. This issue occurs after installing the February 9, 2021 update. The error message is, \u201cFailed to start the backup of user links (error 8007005)\u201d.\n * Security updates to Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, the Windows AI Platform, Windows Kernel, Windows Virtualization, and Windows Media.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nWhen using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually.**Note **The affected apps are using the **ImmGetCompositionString()** function.| This issue is resolved in KB5005101. \nDevices with Windows installations created from custom offline media or custom ISO image might have [Microsoft Edge Legacy](<https://support.microsoft.com/en-us/microsoft-edge/what-is-microsoft-edge-legacy-3e779e55-4c55-08e6-ecc8-2333768c0fb0>) removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later.**Note **Devices that connect directly to Windows Update to receive updates are not affected. This includes devices using Windows Update for Business. Any device connecting to Windows Update should always receive the latest versions of the SSU and latest cumulative update (LCU) without any extra steps.| To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the SSU:\n\n 1. Extract the cab from the msu via this command line (using the package for KB5000842 as an example): **expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cab <destination path>**\n 2. Extract the SSU from the previously extracted cab via this command line: **expand Windows10.0-KB5000842-x64.cab /f:* <destination path>**\n 3. You will then have the SSU cab, in this example named **SSU-19041.903-x64.cab**. Slipstream this file into your offline image first, then the LCU.\nIf you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the [new Microsoft Edge](<https://www.microsoft.com/edge>). If you need to broadly deploy the new Microsoft Edge for business, see [Download and deploy Microsoft Edge for business](<https://www.microsoft.com/edge/business/download>). \nA small subset of users have reported lower than expected performance in games after installing this update. Most users affected by this issue are running games full screen or borderless windowed modes and using two or more monitors.| This issue is resolved in KB5003690. \nAfter installing this update, 5.1 Dolby Digital audio may play containing a high-pitched noise or squeak in certain apps when using certain audio devices and Windows settings.**Note **This issue does not occur when stereo is used.| This issue is resolved in KB5003690. \n \n## How to get this update\n\n**Before installing this update**Prerequisite:Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). If you encounter the error, 0x800f0823 \u2013 CBS_E_NEW_SERVICING_STACK_REQUIRED, close the error message and install the last standalone SSU (KB4598481) **before** installing this LCU. You will not need to install this SSU (KB4598481) again for future updates. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5001330>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/en-us/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5001330](<https://download.microsoft.com/download/e/3/b/e3b48b01-ec2d-4e51-9ea8-b4b0b8e1a207/5001330.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 19041.925 and 19042.925](<https://download.microsoft.com/download/5/a/5/5a5efb3d-9d22-4add-bac0-34959549170f/SSU_version_19041.925.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mskb", "title": "April 13, 2021\u2014KB5001330 (OS Builds 19041.928 and 19042.928)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1036", "CVE-2020-17049", "CVE-2021-27092", "CVE-2021-28319"], "modified": "2021-04-13T07:00:00", "id": "KB5001330", "href": "https://support.microsoft.com/en-us/help/5001330", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-19T10:46:20", "description": "None\n**NEW 4/13/21** \n**IMPORTANT **Windows 10, version 1909 will reach end of service on May 11, 2021 for devices running the Home, Pro, Pro for Workstation, Nano Container, and Server SAC editions. After May 11, 2021, these devices will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.We will continue to service the following editions: Enterprise, Education, and IoT Enterprise.\n\n**NEW 4/13/21 \nREMINDER **Microsoft removed the Microsoft Edge Legacy desktop application that is out of support in March 2021. In this April 13, 2021 release, we will install the new Microsoft Edge. For more information, see [New Microsoft Edge to replace Microsoft Edge Legacy with April\u2019s Windows 10 Update Tuesday release](<https://aka.ms/EdgeLegacyEOS>).\n\n**2/16/21** \n**IMPORTANT **As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall KB4577586. For more details about Microsoft\u2019s plans, see [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support>).\n\n**12/8/20 \nREMINDER **Windows 10, version 1903 reached end of servicing on December 8, 2020. To continue receiving security and quality updates, Microsoft recommends that you update to the latest version of Windows 10. If you want to update to Windows 10, version 1909, you must use the Enablement Package KB4517245 (EKB). Using the EKB makes updating faster and easier and requires a single restart. For more information, see [Windows 10, version 1909 delivery options](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-version-1909-delivery-options/ba-p/1002660>).\n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376>). To view other notes and messages, see the Windows 10, version 1909 update history home page.**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n**Note **This release also contains updates for Microsoft HoloLens (OS Build 18363.1108) released April 13, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\n## Highlights\n\n * Updates to improve security when Windows performs basic operations.\n * Updates to improve security when using input devices such as a mouse, keyboard, or pen.\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an issue in which a principal in a trusted MIT realm fails to obtain a Kerberos service ticket from Active Directory domain controllers (DC). This occurs on devices that installed Windows Updates that contain CVE-2020-17049 protections and configured PerfromTicketSignature to 1 or higher. These updates were released between November 10, 2020 and December 8, 2020. Ticket acquisition also fails with the error, \u201cKRB_GENERIC_ERROR\u201d, if callers submit a PAC-less Ticket Granting Ticket (TGT) as an evidence ticket without providing the USER_NO_AUTH_DATA_REQUIRED flag.\n * Addresses an issue with security vulnerabilities identified by a security researcher. Because of these security vulnerabilities, this and all future Windows updates will no longer contain the [RemoteFX vGPU](<https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploy-graphics-devices-using-remotefx-vgpu>) feature. For more information about the vulnerability and its removal, see [CVE-2020-1036](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1036>) and [KB4570006](<https://support.microsoft.com/en-us/topic/update-to-disable-and-remove-the-remotefx-vgpu-component-in-windows-bbdf1531-7188-2bf4-0de6-641de79f09d2>). Secure vGPU alternatives are available using [Discrete Device Assignment (DDA)](<https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/deploying-graphics-devices-using-dda>) in Windows Server LTSC releases (Windows Server 2016 and Windows Server 2019) and Windows Server SAC releases (Windows Server, version 1803 and later versions).\n * Addresses a potential elevation of privilege vulnerability in the way Azure Active Directory web sign-in allows arbitrary browsing from the third-party endpoints used for federated authentication. For more information, see [CVE-2021-27092](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27092>) and [Policy CSP - Authentication](<https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin>).\n * Addresses an issue that causes Windows Back up using File History to stop working for a few users. This issue occurs after installing the February 9, 2021 update. The error message is, \u201cFailed to start the backup of user links (error 8007005)\u201d.\n * Security updates to Windows App Platform and Frameworks, Windows Apps, Windows Input and Composition, Windows Office Media, Windows Fundamentals, Windows Cryptography, the Windows AI Platform, Windows Hybrid Cloud Networking, the Windows Kernel, Windows Virtualization, and Windows Media.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nScroll bar controls might appear blank on the screen and not function after installing this update. This issue affects 32-bit applications running on 64-bit Windows 10 (WOW64) that create scroll bars using a [superclass](<https://docs.microsoft.com/en-us/windows/win32/winmsg/about-window-procedures#window-procedure-superclassing>) of the **USER32.DLL SCROLLBAR** window class. This issue also affects **HScrollBar** and **VScrollBar** controls that are used in Visual Basic 6 applications and the classes derived from **[System.Windows.Forms.ScrollBar](<https://docs.microsoft.com/en-us/dotnet/api/system.windows.forms.scrollbar?view=net-5.0>)** that are used in .NET Windows Forms applications. A memory usage increase of up to 4 GB might occur in 64-bit applications when you create a scroll bar control.Scroll bars you create using the **SCROLLBAR** window class or using the WS_HSCROLL and WS_VSCROLL window styles function normally. Applications that use the scroll bar control that is implemented in **COMCTL32.DLL** version 6 are not affected. This includes .NET Windows Forms applications that call **Application.EnableVisualStyles()**.| This issue is resolved in KB5003169. \n \n## How to get this update\n\n**Before installing this update**Prerequisite:You **must **install the April 13, 2021 servicing stack update (SSU) (KB5001406) or later before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5001337>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5001337](<https://download.microsoft.com/download/e/1/0/e10a6884-2e7a-4d80-ac2f-884c39a2a1b2/5001337.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-13T07:00:00", "type": "mskb", "title": "April 13, 2021\u2014KB5001337 (OS Build 18363.1500)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1036", "CVE-2020-17049", "CVE-2021-27092", "CVE-2021-28434"], "modified": "2021-04-13T07:00:00", "id": "KB5001337", "href": "https://support.microsoft.com/en-us/help/5001337", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2022-05-09T12:38:21", "description": "[![](https://thehackernews.com/images/-YROWoUQuY8Q/YHZ1yLhkJGI/AAAAAAAACQw/rmFTIz73mk81DI0P2vG2MpkxtMrT5jqbgCLcBGAsYHQ/s0/windows-update-smb-flaw.jpg)](<https://thehackernews.com/images/-YROWoUQuY8Q/YHZ1yLhkJGI/AAAAAAAACQw/rmFTIz73mk81DI0P2vG2MpkxtMrT5jqbgCLcBGAsYHQ/s0/windows-update-smb-flaw.jpg>)\n\nIn its April slate of patches, Microsoft rolled out fixes for a total of [114 security flaws](<https://msrc-blog.microsoft.com/2021/04/13/april-2021-update-tuesday-packages-now-available/>), including an actively exploited zero-day and four remote code execution bugs in Exchange Server.\n\nOf the [114 flaws](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Apr>), 19 are rated as Critical, 88 are rated Important, and one is rated Moderate in severity.\n\nChief among them is [CVE-2021-28310](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28310>), a privilege escalation vulnerability in Win32k that's said to be under active exploitation, allowing attackers to elevate privileges by running malicious code on a target system. \n\nCybersecurity firm Kaspersky, which discovered and reported the flaw to Microsoft in February, linked the zero-day exploit to a threat actor named Bitter APT, which was found exploiting a similar flaw ([CVE-2021-1732](<https://thehackernews.com/2021/02/microsoft-issues-patches-for-in-wild-0.html>)) in attacks late last year.\n\n\"It is an escalation of privilege (EoP) exploit that is likely used together with other browser exploits to escape sandboxes or get system privileges for further access,\" Kaspersky researcher Boris Larin [said](<https://securelist.com/zero-day-vulnerability-in-desktop-window-manager-cve-2021-28310-used-in-the-wild/101898/>).\n\n## NSA Found New Bugs Affecting Exchange Server\n\nAlso fixed by Microsoft are four remote code execution (RCE) flaws (CVE-2021-28480 through CVE-2021-28483) affecting [on-premises Exchange Servers](<https://techcommunity.microsoft.com/t5/exchange-team-blog/released-a