Filtered by vendor Microsoft
Total: 20141 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-1083 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more | 2024-10-15 | 8.1 High |
Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability." | ||||
CVE-2023-1217 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-10-15 | 6.5 Medium |
Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-25707 | 3 Esri, Linux, Microsoft | 3 Portal For Arcgis, Linux Kernel, Windows | 2024-10-15 | 4.8 Medium |
There is a reflected cross-site scripting vulnerability in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 that allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in their own browser (Self XSS). A user cannot be phished into clicking a link to execute code. | ||||
CVE-2006-4692 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2024-10-15 | N/A |
Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability." | ||||
CVE-2005-3170 | 1 Microsoft | 1 Windows 2000 | 2024-10-15 | N/A |
The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site. | ||||
CVE-2022-41052 | 1 Microsoft | 13 Windows 10, Windows 10 1507, Windows 10 1607 and 10 more | 2024-10-15 | 7.8 High |
Windows Graphics Component Remote Code Execution Vulnerability | ||||
CVE-2022-38014 | 1 Microsoft | 3 Azure Eflow, Azure Iot Edge For Linux, Windows Subsystem For Linux | 2024-10-15 | 7 High |
Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | ||||
CVE-2022-37967 | 4 Fedoraproject, Microsoft, Netapp and 1 more | 12 Fedora, Windows Server 2008, Windows Server 2008 R2 and 9 more | 2024-10-15 | 7.2 High |
Windows Kerberos Elevation of Privilege Vulnerability | ||||
CVE-2022-37966 | 4 Fedoraproject, Microsoft, Netapp and 1 more | 9 Fedora, Windows Server 2008, Windows Server 2012 and 6 more | 2024-10-15 | 8.1 High |
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability | ||||
CVE-2022-37955 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-10-15 | 7.8 High |
Windows Group Policy Elevation of Privilege Vulnerability | ||||
CVE-2022-37954 | 1 Microsoft | 9 Windows 10, Windows 10 1809, Windows 10 20h2 and 6 more | 2024-10-11 | 7.8 High |
DirectX Graphics Kernel Elevation of Privilege Vulnerability | ||||
CVE-2022-35841 | 1 Microsoft | 12 Windows 10, Windows 10 1507, Windows 10 1607 and 9 more | 2024-10-11 | 8.8 High |
Windows Enterprise App Management Service Remote Code Execution Vulnerability | ||||
CVE-2022-35833 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2024-10-11 | 7.5 High |
Windows Secure Channel Denial of Service Vulnerability | ||||
CVE-2022-34728 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-10-11 | 5.5 Medium |
Windows Graphics Component Information Disclosure Vulnerability | ||||
CVE-2022-34723 | 1 Microsoft | 2 Windows 11, Windows 11 21h2 | 2024-10-11 | 5.5 Medium |
Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability | ||||
CVE-2024-34122 | 2 Adobe, Microsoft | 2 Acrobat, Edge Chromium | 2024-10-11 | 7.8 High |
Acrobat for Edge versions 126.0.2592.68 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2023-20562 | 3 Amd, Linux, Microsoft | 4 Amd Uprof, Uprof Tool, Linux Kernel and 1 more | 2024-10-10 | 7.8 High |
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. | ||||
CVE-2023-49283 | 1 Microsoft | 1 Graph | 2024-10-10 | 5.4 Medium |
microsoft-graph-core is the Microsoft Graph Library for PHP. The Microsoft Graph Beta PHP SDK published packages which contained test code that enabled the use of the phpInfo() function from any application that could access and execute the file at `vendor/microsoft/microsoft-graph-core/tests/GetPhpInfo.php`. The phpInfo function exposes system information. The vulnerability affects the GetPhpInfo.php script of the PHP SDK which contains a call to the phpinfo() function. This vulnerability requires a misconfiguration of the server to be present so it can be exploited. For example, making the PHP application’s /vendor directory web accessible. The combination of the vulnerability and the server misconfiguration would allow an attacker to craft an HTTP request that executes the phpinfo() method. The attacker would then be able to get access to system information like configuration, modules, and environment variables and later on use the compromised secrets to access additional data. This problem has been patched in version 2.0.2. If an immediate deployment with the updated vendor package is not available, you can perform the following temporary workarounds: delete the `vendor/microsoft/microsoft-graph-core/tests/GetPhpInfo.php` file, remove access to the /vendor directory, or disable the phpinfo function. | ||||
CVE-2024-47420 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | 5.5 Medium |
Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-47419 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | 5.5 Medium |
Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |