VYPR

Active Directory Services

by Microsoft

CVEs (38)

  • CVE-2022-26923HigKEVMay 10, 2022
    risk 0.79cvss 8.8epss 0.83

    Active Directory Domain Services Elevation of Privilege Vulnerability

  • CVE-2021-42287HigKEVNov 10, 2021
    risk 0.73cvss 7.5epss 0.74

    Active Directory Domain Services Elevation of Privilege Vulnerability

  • CVE-2021-42278HigKEVNov 10, 2021
    risk 0.72cvss 7.5epss 0.70

    Active Directory Domain Services Elevation of Privilege Vulnerability

  • CVE-2011-3406HigDec 14, 2011
    risk 0.59cvss 8.8epss 0.23

    Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold…

  • CVE-2026-45648HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.01

    Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.

  • CVE-2022-34691HigAug 9, 2022
    risk 0.57cvss 8.8epss 0.02

    Active Directory Domain Services Elevation of Privilege Vulnerability

  • CVE-2022-21857HigJan 11, 2022
    risk 0.57cvss 8.8epss 0.03

    Active Directory Domain Services Elevation of Privilege Vulnerability

  • CVE-2021-42306HigNov 24, 2021
    risk 0.53cvss 8.1epss 0.03

    An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential  on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a…

  • CVE-2020-0665HigFeb 11, 2020
    risk 0.53cvss 8.1epss 0.04

    An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'.

  • CVE-2021-42282HigNov 10, 2021
    risk 0.49cvss 7.5epss 0.03

    Active Directory Domain Services Elevation of Privilege Vulnerability

  • CVE-2022-38042HigOct 11, 2022
    risk 0.46cvss 7.1epss 0.01

    Active Directory Domain Services Elevation of Privilege Vulnerability

  • CVE-2016-3226MedJun 16, 2016
    risk 0.43cvss 6.5epss 0.11

    Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service hang) by creating many machine accounts, aka "Active Directory Denial of Service Vulnerability."

  • CVE-2026-32072MedApr 14, 2026
    risk 0.40cvss 6.2epss 0.00

    Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.

  • CVE-2019-0683MedApr 9, 2019
    risk 0.39cvss 5.9epss 0.03

    An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'.

  • CVE-2018-0890MedApr 12, 2018
    risk 0.35cvss 5.3epss 0.04

    A security feature bypass vulnerability exists when Active Directory incorrectly applies Network Isolation settings, aka "Active Directory Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

  • CVE-2021-41337MedOct 13, 2021
    risk 0.32cvss 4.9epss 0.02

    Active Directory Security Feature Bypass Vulnerability

  • CVE-2023-36722MedOct 10, 2023
    risk 0.29cvss 4.4epss 0.01

    Active Directory Domain Services Information Disclosure Vulnerability

  • CVE-2017-0164MedApr 12, 2017
    risk 0.29cvss 4.4epss 0.04

    A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Service Vulnerability."

  • CVE-2022-1697LowSep 6, 2022
    risk 0.25cvss 3.9epss 0.00

    Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the…

  • CVE-2025-21293Jan 14, 2025
    risk 0.09cvss epss 0.18

    Active Directory Domain Services Elevation of Privilege Vulnerability

Page 1 of 2