Filtered by vendor Microsoft
Subscriptions
Total
19949 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-2110 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2024-10-07 | 8.2 High |
Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies text from a malicious webpage and paste it into Obsidian. | ||||
CVE-2023-2316 | 3 Linux, Microsoft, Typora | 3 Linux Kernel, Windows, Typora | 2024-10-07 | 7.4 High |
Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora. | ||||
CVE-2023-2317 | 3 Linux, Microsoft, Typora | 3 Linux Kernel, Windows, Typora | 2024-10-07 | 8.6 High |
DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in <embed> tag. This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora. | ||||
CVE-2023-2318 | 4 Apple, Linux, Marktext and 1 more | 4 Macos, Linux Kernel, Marktext and 1 more | 2024-10-07 | 8.6 High |
DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText. | ||||
CVE-2023-2971 | 3 Linux, Microsoft, Typora | 3 Linux Kernel, Windows, Typora | 2024-10-07 | 6.3 Medium |
Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora. | ||||
CVE-2024-21363 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2024-10-07 | 7.8 High |
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | ||||
CVE-2023-28262 | 1 Microsoft | 3 Visual Studio, Visual Studio 2019, Visual Studio 2022 | 2024-10-07 | 7.8 High |
Visual Studio Elevation of Privilege Vulnerability | ||||
CVE-2023-28254 | 1 Microsoft | 8 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 5 more | 2024-10-07 | 7.2 High |
Windows DNS Server Remote Code Execution Vulnerability | ||||
CVE-2023-28253 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2024-10-07 | 5.5 Medium |
Windows Kernel Information Disclosure Vulnerability | ||||
CVE-2023-28271 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2024-10-07 | 5.5 Medium |
Windows Kernel Memory Information Disclosure Vulnerability | ||||
CVE-2023-28248 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more | 2024-10-07 | 7.8 High |
Windows Kernel Elevation of Privilege Vulnerability | ||||
CVE-2023-28241 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2024-10-07 | 7.5 High |
Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | ||||
CVE-2023-28234 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 21h2, Windows 11 22h2 and 2 more | 2024-10-07 | 7.5 High |
Windows Secure Channel Denial of Service Vulnerability | ||||
CVE-2023-28228 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2024-10-07 | 5.5 Medium |
Windows Spoofing Vulnerability | ||||
CVE-2023-28224 | 1 Microsoft | 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more | 2024-10-07 | 7.1 High |
Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | ||||
CVE-2023-28220 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2024-10-07 | 8.1 High |
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | ||||
CVE-2024-21420 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2024-10-07 | 8.8 High |
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | ||||
CVE-2024-21403 | 1 Microsoft | 2 Azure Kubernetes Service, Azure Kubernetes Service Confidential Containers | 2024-10-07 | 9 Critical |
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | ||||
CVE-2024-21357 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2024-10-07 | 8.1 High |
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | ||||
CVE-2023-24912 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2024-10-04 | 7.8 High |
Windows Graphics Component Elevation of Privilege Vulnerability |