Filtered by vendor Microsoft
Total: 8154 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-20653 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-04-11 | N/A | 7.8 HIGH |
Microsoft Common Log File System Elevation of Privilege Vulnerability | |||||
CVE-2024-20652 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-04-11 | N/A | 8.1 HIGH |
Windows HTML Platforms Security Feature Bypass Vulnerability | |||||
CVE-2024-0056 | 1 Microsoft | 19 .net, .net Framework, Microsoft.data.sqlclient and 16 more | 2024-04-11 | N/A | 8.7 HIGH |
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability | |||||
CVE-2023-40596 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2024-04-10 | N/A | 8.8 HIGH |
In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine. | |||||
CVE-2020-12695 | 21 Asus, Broadcom, Canon and 18 more | 217 Rt-n11, Adsl, Selphy Cp1200 and 214 more | 2024-04-08 | 7.8 HIGH | 7.5 HIGH |
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | |||||
CVE-2023-1017 | 2 Microsoft, Trustedcomputinggroup | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-04-01 | N/A | 7.8 HIGH |
An out-of-bounds write vulnerability exists in TPM2.0's Module Library, allowing 2 bytes of data to be written past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who successfully exploits this vulnerability can cause denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. | |||||
CVE-2023-38039 | 3 Fedoraproject, Haxx, Microsoft | 10 Fedora, Curl, Windows 10 1809 and 7 more | 2024-04-01 | N/A | 7.5 HIGH |
When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory. | |||||
CVE-2018-8493 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1607, Windows 10 1703 and 7 more | 2024-04-01 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka "Windows TCP/IP Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | |||||
CVE-2023-47039 | 2 Microsoft, Perl | 2 Windows, Perl | 2024-03-28 | N/A | 7.8 HIGH |
A vulnerability was found in Perl. This security issue occurs because Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for `cmd.exe` in the current working directory. This flaw allows an attacker with limited privileges to place `cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations. | |||||
CVE-2023-24955 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-03-27 | N/A | 7.2 HIGH |
Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
CVE-2021-34452 | 1 Microsoft | 3 365 Apps, Office, Word | 2024-03-21 | 6.8 MEDIUM | 7.8 HIGH |
Microsoft Word Remote Code Execution Vulnerability | |||||
CVE-2021-29725 | 4 Ibm, Linux, Microsoft and 1 more | 6 Aix, Secure External Authentication Server, Sterling Secure Proxy and 3 more | 2024-03-19 | 5.0 MEDIUM | 7.5 HIGH |
IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. | |||||
CVE-2024-21412 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-03-07 | N/A | 8.1 HIGH |
Internet Shortcut Files Security Feature Bypass Vulnerability | |||||
CVE-2024-21351 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-03-07 | N/A | 7.6 HIGH |
Windows SmartScreen Security Feature Bypass Vulnerability | |||||
CVE-2023-38161 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-03-07 | N/A | 7.8 HIGH |
Windows GDI Elevation of Privilege Vulnerability | |||||
CVE-2023-50387 | 8 Fedoraproject, Isc, Microsoft and 5 more | 13 Fedora, Bind, Windows Server 2008 and 10 more | 2024-03-07 | N/A | 7.5 HIGH |
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. | |||||
CVE-2023-47152 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Linux On Ibm Z and 2 more | 2024-03-07 | N/A | 7.5 HIGH |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730. | |||||
CVE-2023-47145 | 2 Ibm, Microsoft | 2 Db2, Windows | 2024-03-07 | N/A | 7.8 HIGH |
IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402. | |||||
CVE-2023-45193 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Linux On Ibm Z and 2 more | 2024-03-07 | N/A | 7.5 HIGH |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759. | |||||
CVE-2023-29360 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2024-03-04 | N/A | 8.4 HIGH |
Microsoft Streaming Service Elevation of Privilege Vulnerability |