Filtered by vendor Microsoft
Subscribe
Total
976 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48691 | 1 Microsoft | 1 Azure Rtos Netx Duo | 2023-12-10 | N/A | 9.8 CRITICAL |
| Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause an out-of-bounds write in Azure RTOS NETX Duo, that could lead to remote code execution. The affected components include process related to IGMP protocol in RTOS v6.2.1 and below. The fix has been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-48693 | 1 Microsoft | 1 Azure Rtos Threadx | 2023-12-10 | N/A | 9.8 CRITICAL |
| Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to vulnerability in parameter checking mechanism in Azure RTOS ThreadX, which may lead to privilege escalation. The affected components include RTOS ThreadX v6.2.1 and below. The fixes have been included in ThreadX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-36028 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2023-12-10 | N/A | 9.8 CRITICAL |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | |||||
| CVE-2023-48696 | 1 Microsoft | 1 Azure Rtos Usbx | 2023-12-10 | N/A | 9.8 CRITICAL |
| Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include components in host class, related to CDC ACM in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-48315 | 1 Microsoft | 1 Azure Rtos Netx Duo | 2023-12-10 | N/A | 9.8 CRITICAL |
| Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to ftp and sntp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-36397 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2023-12-10 | N/A | 9.8 CRITICAL |
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | |||||
| CVE-2023-48316 | 1 Microsoft | 1 Azure Rtos Netx Duo | 2023-12-10 | N/A | 9.8 CRITICAL |
| Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to snmp, smtp, ftp and dtls in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-48697 | 1 Microsoft | 1 Azure Rtos Usbx | 2023-12-10 | N/A | 9.8 CRITICAL |
| Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in pictbridge and host class, related to PIMA, storage, CDC ACM, ECM, audio, hub in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-36758 | 1 Microsoft | 1 Visual Studio 2022 | 2023-12-10 | N/A | 9.8 CRITICAL |
| Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2023-41748 | 2 Acronis, Microsoft | 2 Cloud Manager, Windows | 2023-12-10 | N/A | 9.8 CRITICAL |
| Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | |||||
| CVE-2023-44152 | 4 Acronis, Apple, Linux and 1 more | 4 Cyber Protect, Macos, Linux Kernel and 1 more | 2023-12-10 | N/A | 9.1 CRITICAL |
| Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | |||||
| CVE-2023-5168 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2023-12-10 | N/A | 9.8 CRITICAL |
| A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | |||||
| CVE-2023-41746 | 2 Acronis, Microsoft | 2 Cloud Manager, Windows | 2023-12-10 | N/A | 9.8 CRITICAL |
| Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | |||||
| CVE-2023-5174 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2023-12-10 | N/A | 9.8 CRITICAL |
| If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in non-standard configurations (such as using `runas`). Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | |||||
| CVE-2023-39143 | 2 Microsoft, Papercut | 3 Windows, Papercut Mf, Papercut Ng | 2023-12-10 | N/A | 9.8 CRITICAL |
| PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration). | |||||
| CVE-2023-21709 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | N/A | 9.8 CRITICAL |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||
| CVE-2023-38734 | 3 Ibm, Microsoft, Redhat | 3 Robotic Process Automation, Windows, Openshift | 2023-12-10 | N/A | 9.8 CRITICAL |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481. | |||||
| CVE-2023-36434 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2023-12-10 | N/A | 9.8 CRITICAL |
| Windows IIS Server Elevation of Privilege Vulnerability | |||||
| CVE-2023-26512 | 4 Apache, Apple, Linux and 1 more | 4 Eventmesh, Macos, Linux Kernel and 1 more | 2023-12-10 | N/A | 9.8 CRITICAL |
| CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via rabbitmq messages. Users can use the code under the master branch in project repo to fix this issue, we will release the new version as soon as possible. | |||||
| CVE-2023-3765 | 2 Lfprojects, Microsoft | 2 Mlflow, Windows | 2023-12-10 | N/A | 10.0 CRITICAL |
| Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. | |||||