Filtered by vendor Microsoft
Subscribe
Total
192 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-24069 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2024-04-11 | N/A | 3.3 LOW |
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access. | |||||
CVE-2024-26246 | 1 Microsoft | 1 Edge | 2024-03-19 | N/A | 3.9 LOW |
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
CVE-2022-40709 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2024-02-27 | N/A | 3.3 LOW |
An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707 and 40708. | |||||
CVE-2022-40708 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2024-02-27 | N/A | 3.3 LOW |
An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707. | |||||
CVE-2022-40707 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2024-02-27 | N/A | 3.3 LOW |
An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40708. | |||||
CVE-2023-25840 | 3 Esri, Linux, Microsoft | 3 Arcgis Server, Linux Kernel, Windows | 2024-02-23 | N/A | 3.4 LOW |
There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser. The privileges required to execute this attack are high. | |||||
CVE-2024-21336 | 1 Microsoft | 1 Edge Chromium | 2024-01-31 | N/A | 2.5 LOW |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
CVE-2024-21383 | 1 Microsoft | 1 Edge Chromium | 2024-01-31 | N/A | 3.3 LOW |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
CVE-2020-17020 | 1 Microsoft | 3 365 Apps, Office, Word | 2023-12-31 | 2.1 LOW | 3.3 LOW |
Microsoft Word Security Feature Bypass Vulnerability | |||||
CVE-2020-17097 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2023-12-30 | 4.6 MEDIUM | 3.3 LOW |
Windows Digital Media Receiver Elevation of Privilege Vulnerability | |||||
CVE-2021-28312 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-29 | 4.3 MEDIUM | 3.3 LOW |
Windows NTFS Denial of Service Vulnerability | |||||
CVE-2021-43220 | 1 Microsoft | 1 Edge Ios | 2023-12-28 | 5.0 MEDIUM | 3.1 LOW |
Microsoft Edge for iOS Spoofing Vulnerability | |||||
CVE-2021-42323 | 1 Microsoft | 1 Azure Real Time Operating System | 2023-12-28 | 2.1 LOW | 3.3 LOW |
Azure RTOS Information Disclosure Vulnerability | |||||
CVE-2021-42308 | 1 Microsoft | 1 Edge Chromium | 2023-12-28 | 5.0 MEDIUM | 3.1 LOW |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
CVE-2021-42301 | 1 Microsoft | 1 Azure Rtos | 2023-12-28 | 2.1 LOW | 3.3 LOW |
Azure RTOS Information Disclosure Vulnerability | |||||
CVE-2021-41376 | 1 Microsoft | 1 Azure Sphere | 2023-12-28 | 2.1 LOW | 2.3 LOW |
Azure Sphere Information Disclosure Vulnerability | |||||
CVE-2021-26444 | 1 Microsoft | 1 Azure Real Time Operating System | 2023-12-28 | 1.9 LOW | 3.3 LOW |
Azure RTOS Information Disclosure Vulnerability | |||||
CVE-2022-21929 | 1 Microsoft | 1 Edge Chromium | 2023-12-21 | 2.6 LOW | 2.5 LOW |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
CVE-2022-41043 | 1 Microsoft | 2 Office, Office Long Term Servicing Channel | 2023-12-20 | N/A | 3.3 LOW |
Microsoft Office Information Disclosure Vulnerability | |||||
CVE-2022-38022 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 3.3 LOW |
Windows Kernel Elevation of Privilege Vulnerability |