Filtered by vendor Microsoft
Subscribe
Total
976 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-21413 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-04-11 | N/A | 9.8 CRITICAL |
Microsoft Outlook Remote Code Execution Vulnerability | |||||
CVE-2024-21410 | 1 Microsoft | 1 Exchange Server | 2024-04-11 | N/A | 9.8 CRITICAL |
Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||
CVE-2024-21401 | 1 Microsoft | 1 Entra Jira Sso Plugin | 2024-04-11 | N/A | 9.8 CRITICAL |
Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability | |||||
CVE-2024-21376 | 1 Microsoft | 1 Azure Kubernetes Service | 2024-04-11 | N/A | 9.0 CRITICAL |
Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability | |||||
CVE-2024-21364 | 1 Microsoft | 1 Azure Site Recovery | 2024-04-11 | N/A | 9.3 CRITICAL |
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability | |||||
CVE-2024-0057 | 1 Microsoft | 17 .net, .net Framework, Powershell and 14 more | 2024-04-11 | N/A | 9.8 CRITICAL |
NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability | |||||
CVE-2024-25140 | 2 Microsoft, Rustdesk | 2 Windows, Rustdesk | 2024-04-11 | N/A | 9.8 CRITICAL |
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor's position is "we do not have EV cert, so we use test cert as a workaround." Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation. | |||||
CVE-2022-3734 | 2 Microsoft, Redis | 2 Windows, Redis | 2024-04-11 | N/A | 9.8 CRITICAL |
A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-212416. NOTE: The official Redis release is not affected. This issue might affect an unofficial fork or port on Windows only. | |||||
CVE-2020-36639 | 2 Alliedmods, Microsoft | 2 Amx Mod X, Windows | 2024-04-11 | 4.7 MEDIUM | 9.8 CRITICAL |
A vulnerability has been found in AlliedModders AMX Mod X on Windows and classified as critical. This vulnerability affects the function cmdVoteMap of the file plugins/adminvote.sma of the component Console Command Handler. The manipulation of the argument amx_votemap leads to path traversal. The patch is identified as a5f2b5539f6d61050b68df8b22ebb343a2862681. It is recommended to apply a patch to fix this issue. VDB-217354 is the identifier assigned to this vulnerability. | |||||
CVE-2023-38545 | 4 Fedoraproject, Haxx, Microsoft and 1 more | 13 Fedora, Libcurl, Windows 10 1809 and 10 more | 2024-04-01 | N/A | 9.8 CRITICAL |
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with. | |||||
CVE-2024-20738 | 2 Adobe, Microsoft | 2 Framemaker Publishing Server, Windows | 2024-03-15 | N/A | 9.8 CRITICAL |
Adobe FrameMaker Publishing Server versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass authentication mechanisms and gain unauthorized access. Exploitation of this issue does not require user interaction. | |||||
CVE-2023-36911 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-03-12 | N/A | 9.8 CRITICAL |
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | |||||
CVE-2023-36910 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-03-12 | N/A | 9.8 CRITICAL |
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | |||||
CVE-2023-35385 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-03-12 | N/A | 9.8 CRITICAL |
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | |||||
CVE-2021-26855 | 1 Microsoft | 1 Exchange Server | 2024-02-15 | 7.5 HIGH | 9.1 CRITICAL |
Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
CVE-2022-4135 | 2 Google, Microsoft | 3 Chrome, Edge, Edge Chromium | 2024-02-15 | N/A | 9.6 CRITICAL |
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2021-34523 | 1 Microsoft | 1 Exchange Server | 2024-02-13 | 7.5 HIGH | 9.0 CRITICAL |
Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||
CVE-2024-24482 | 2 Apktool, Microsoft | 2 Apktool, Windows | 2024-02-12 | N/A | 9.8 CRITICAL |
Aprktool before 2.9.3 on Windows allows ../ and /.. directory traversal. | |||||
CVE-2008-0081 | 1 Microsoft | 3 Excel, Excel Viewer, Office | 2024-02-08 | 9.3 HIGH | 9.8 CRITICAL |
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490. | |||||
CVE-2000-1218 | 1 Microsoft | 5 Windows 2000, Windows 98, Windows 98se and 2 more | 2024-02-08 | 7.5 HIGH | 9.8 CRITICAL |
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache. |