Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft active directory - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-1282
The LDAP service in Microsoft Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services allows remote malicious users to cause a denial of service (memory consumption and service outage) via ...
Microsoft Active Directory -
Microsoft Active Directory Application Mode -
Microsoft Active Directory Lightweight Directory Service -
Microsoft Active Directory Services -
8.1
CVSSv3
CVE-2016-7191
The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) library 1.x prior to 1.4.6 and 2.x prior to 2.0.1 for Node.js does not recognize the validateIssuer setting, which allows remote malicious users to bypass authentication via a crafted token.
Microsoft Azure Active Directory Passport 1.0.0
Microsoft Azure Active Directory Passport 1.1.0
Microsoft Azure Active Directory Passport 1.3.5
Microsoft Azure Active Directory Passport 1.3.6
Microsoft Azure Active Directory Passport 2.0.0
Microsoft Azure Active Directory Passport 1.3.3
Microsoft Azure Active Directory Passport 1.3.4
Microsoft Azure Active Directory Passport 1.4.4
Microsoft Azure Active Directory Passport 1.4.5
Microsoft Azure Active Directory Passport 1.3.1
Microsoft Azure Active Directory Passport 1.3.2
Microsoft Azure Active Directory Passport 1.4.2
Microsoft Azure Active Directory Passport 1.4.3
Microsoft Azure Active Directory Passport 1.1.1
Microsoft Azure Active Directory Passport 1.2.0
Microsoft Azure Active Directory Passport 1.3.0
Microsoft Azure Active Directory Passport 1.4.0
Microsoft Azure Active Directory Passport 1.4.1
8.8
CVSSv3
CVE-2019-1258
An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches tokens, aka 'Azure Active Directory Authentication Library Elevation of Privilege Vulnerability'.
Microsoft Nuget 5.2.0
Microsoft Active Directory Authentication Library 5.0.1
Microsoft Active Directory Authentication Library 5.0.2
Microsoft Active Directory Authentication Library 5.0.3
Microsoft Active Directory Authentication Library
Microsoft Active Directory Authentication Library 5.0.0
NA
CVE-2015-1757
Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote malicious users to inject arbitrary web script or HTML via the wct parameter, aka "ADFS XSS Eleva...
Microsoft Active Directory Federation Services 2.0
Microsoft Active Directory Federation Services 2.1
7.1
CVSSv3
CVE-2021-36949
Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability
Microsoft Azure Active Directory Connect Provisioning Agent
Microsoft Azure Active Directory Connect
6.8
CVSSv3
CVE-2024-21381
Microsoft Azure Active Directory B2C Spoofing Vulnerability
Microsoft Azure Active Directory -
8.1
CVSSv3
CVE-2017-8613
Azure AD Connect Password writeback, if misconfigured during enablement, allows an malicious user to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Azure AD Connect Elevation of Privilege Vulnerability."
Microsoft Azure Active Directory Connect
5.3
CVSSv3
CVE-2019-1000
An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build 1.3.20.0, which allows an malicious user to execute two PowerShell cmdlets in context of a privileged account, and perform privileged actions.To exploit this, an attacker would need t...
Microsoft Azure Active Directory Connect -
1 Article
8.1
CVSSv3
CVE-2021-42306
<p>An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate <a href="https://docs.microsoft.com/en-us/graph/api/resources/keycredential?view=graph-rest-1.0">...
Microsoft Azure Migrate
Microsoft Azure Active Site Recovery
Microsoft Azure Automation
Microsoft Azure Active Directory
1 Article
NA
CVE-2013-3868
Microsoft Active Directory Lightweight Directory Service (AD LDS) on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 8 and Active Directory Services on Windows Server 2008 SP2 and R2 SP1 and Server 2012 allow remote malicious users to cause a den...
Microsoft Windows Server 2008
Microsoft Active Directory Lightweight Directory Service -
Microsoft Windows 8 -
Microsoft Windows 7
Microsoft Windows Server 2012 -
Microsoft Windows Vista
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »