Filtered by vendor Microsoft Subscriptions
Total 20262 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-35755 1 Microsoft 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more 2024-10-02 7.3 High
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-35754 1 Microsoft 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more 2024-10-02 6.7 Medium
Unified Write Filter Elevation of Privilege Vulnerability
CVE-2022-35753 1 Microsoft 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more 2024-10-02 8.1 High
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-35747 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2024-10-02 5.9 Medium
Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability
CVE-2023-40370 3 Ibm, Microsoft, Redhat 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more 2024-10-02 3.7 Low
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470.
CVE-2024-8996 2 Grafana, Microsoft 3 Agent, Agent Flow Windows, Windows 2024-10-01 7.3 High
Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2
CVE-2023-2737 2 Microsoft, Thalesgroup 2 Windows, Safenet Authentication Service 2024-10-01 5.7 Medium
Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation.
CVE-2022-46868 2 Acronis, Microsoft 2 Cyber Protect Home Office, Windows 2024-10-01 7.8 High
Local privilege escalation during recovery due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173.
CVE-2023-41743 2 Acronis, Microsoft 4 Agent, Cyber Protect, Cyber Protect Home Office and 1 more 2024-10-01 7.8 High
Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979.
CVE-2023-31173 3 Microsoft, Schweitzer Engineering Laboratories, Selinc 3 Windows, Sel-5033 Acselerator Rtac Software, Sel-5037 Sel Grid Configurator 2024-10-01 7.7 High
Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.
CVE-2023-34391 3 Microsoft, Schweitzer Engineering Laboratories, Selinc 3 Windows, Sel-5033 Acselerator Rtac Software, Sel-5033 Acselerator Real-time Automation Controller 2024-10-01 7.4 High
Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more details. This issue affects SEL-5033 AcSELerator RTAC Software: before 1.35.151.21000.
CVE-2023-41746 2 Acronis, Microsoft 2 Cloud Manager, Windows 2024-10-01 9.8 Critical
Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203.
CVE-2023-41748 2 Acronis, Microsoft 2 Cloud Manager, Windows 2024-10-01 9.8 Critical
Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203.
CVE-2022-46869 2 Acronis, Microsoft 2 Cyber Protect Home Office, Windows 2024-10-01 7.8 High
Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278.
CVE-2023-41751 2 Acronis, Microsoft 2 Agent, Windows 2024-10-01 5.5 Medium
Sensitive information disclosure due to improper token expiration validation. The following products are affected: Acronis Agent (Windows) before build 32047.
CVE-2023-29355 1 Microsoft 5 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 2 more 2024-10-01 5.3 Medium
DHCP Server Service Information Disclosure Vulnerability
CVE-2023-38732 3 Ibm, Microsoft, Redhat 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more 2024-10-01 4.3 Medium
IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289.
CVE-2020-1466 1 Microsoft 4 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 1 more 2024-10-01 7.8 High
A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding. To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides RD Gateway services. The update addresses the vulnerability by correcting how RD Gateway handles connection requests.
CVE-2020-1577 1 Microsoft 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more 2024-10-01 7.8 High
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
CVE-2020-0761 1 Microsoft 10 Windows Server 1903, Windows Server 1909, Windows Server 2004 and 7 more 2024-10-01 8.8 High
<p>A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account</p> <p>To exploit the vulnerability, an authenticated attacker could send malicious requests to an Active Directory integrated DNS (ADIDNS) server.</p> <p>The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory.</p>