Filtered by vendor Microsoft
Subscribe
Total
3643 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-21388 | 1 Microsoft | 1 Edge Chromium | 2024-02-06 | N/A | 6.5 MEDIUM |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
CVE-2023-4553 | 3 Linux, Microsoft, Opentext | 3 Linux Kernel, Windows, Appbuilder | 2024-02-05 | N/A | 5.3 MEDIUM |
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. AppBuilder configuration files are viewable by unauthenticated users. This issue affects AppBuilder: from 21.2 before 23.2. | |||||
CVE-2023-4554 | 3 Linux, Microsoft, Opentext | 3 Linux Kernel, Windows, Appbuilder | 2024-02-05 | N/A | 6.5 MEDIUM |
Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them. This issue affects AppBuilder: from 21.2 before 23.2. | |||||
CVE-2024-23441 | 2 Anti-virus, Microsoft | 2 Vba32, Windows | 2024-02-05 | N/A | 5.5 MEDIUM |
Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver. | |||||
CVE-2023-38174 | 1 Microsoft | 1 Edge Chromium | 2024-02-03 | N/A | 4.3 MEDIUM |
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
CVE-2023-36880 | 1 Microsoft | 1 Edge Chromium | 2024-02-03 | N/A | 4.8 MEDIUM |
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
CVE-2023-36727 | 1 Microsoft | 1 Edge Chromium | 2024-02-03 | N/A | 6.1 MEDIUM |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
CVE-2023-36559 | 1 Microsoft | 1 Edge Chromium | 2024-02-03 | N/A | 4.2 MEDIUM |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
CVE-2023-36409 | 1 Microsoft | 1 Edge Chromium | 2024-02-03 | N/A | 6.5 MEDIUM |
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
CVE-2023-36029 | 1 Microsoft | 1 Edge | 2024-02-03 | N/A | 4.3 MEDIUM |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
CVE-2023-36022 | 1 Microsoft | 1 Edge Chromium | 2024-02-03 | N/A | 6.6 MEDIUM |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
CVE-2023-33145 | 1 Microsoft | 1 Edge Chromium | 2024-02-03 | N/A | 6.5 MEDIUM |
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
CVE-2023-29345 | 1 Microsoft | 1 Edge Chromium | 2024-02-03 | N/A | 6.1 MEDIUM |
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
CVE-2024-0589 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2024-02-03 | N/A | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry. | |||||
CVE-2007-2237 | 1 Microsoft | 1 Windows Xp | 2024-02-02 | 7.1 HIGH | 5.5 MEDIUM |
Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error. | |||||
CVE-2024-21382 | 2 Google, Microsoft | 2 Android, Edge Chromium | 2024-01-31 | N/A | 4.3 MEDIUM |
Microsoft Edge for Android Information Disclosure Vulnerability | |||||
CVE-2024-21387 | 1 Microsoft | 1 Edge Chromium | 2024-01-31 | N/A | 5.3 MEDIUM |
Microsoft Edge for Android Spoofing Vulnerability | |||||
CVE-2017-7440 | 3 Apple, Gfi, Microsoft | 4 Macos, Kerio Connect, Kerio Connect Client and 1 more | 2024-01-26 | 4.3 MEDIUM | 6.5 MEDIUM |
Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message. | |||||
CVE-2023-44358 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-01-25 | N/A | 5.5 MEDIUM |
Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2023-38235 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-01-25 | N/A | 5.5 MEDIUM |
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |