Filtered by vendor Microsoft Subscriptions
Total 19949 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-2110 4 Apple, Linux, Microsoft and 1 more 4 Macos, Linux Kernel, Windows and 1 more 2024-10-07 8.2 High
Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies text from a malicious webpage and paste it into Obsidian.
CVE-2023-2316 3 Linux, Microsoft, Typora 3 Linux Kernel, Windows, Typora 2024-10-07 7.4 High
Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora.
CVE-2023-2317 3 Linux, Microsoft, Typora 3 Linux Kernel, Windows, Typora 2024-10-07 8.6 High
DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in <embed> tag. This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora.
CVE-2023-2318 4 Apple, Linux, Marktext and 1 more 4 Macos, Linux Kernel, Marktext and 1 more 2024-10-07 8.6 High
DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText.
CVE-2023-2971 3 Linux, Microsoft, Typora 3 Linux Kernel, Windows, Typora 2024-10-07 6.3 Medium
Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora.
CVE-2024-21363 1 Microsoft 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more 2024-10-07 7.8 High
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2023-28262 1 Microsoft 3 Visual Studio, Visual Studio 2019, Visual Studio 2022 2024-10-07 7.8 High
Visual Studio Elevation of Privilege Vulnerability
CVE-2023-28254 1 Microsoft 8 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 5 more 2024-10-07 7.2 High
Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28253 1 Microsoft 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more 2024-10-07 5.5 Medium
Windows Kernel Information Disclosure Vulnerability
CVE-2023-28271 1 Microsoft 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more 2024-10-07 5.5 Medium
Windows Kernel Memory Information Disclosure Vulnerability
CVE-2023-28248 1 Microsoft 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more 2024-10-07 7.8 High
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-28241 1 Microsoft 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more 2024-10-07 7.5 High
Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability
CVE-2023-28234 1 Microsoft 5 Windows 11 21h2, Windows 11 21h2, Windows 11 22h2 and 2 more 2024-10-07 7.5 High
Windows Secure Channel Denial of Service Vulnerability
CVE-2023-28228 1 Microsoft 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more 2024-10-07 5.5 Medium
Windows Spoofing Vulnerability
CVE-2023-28224 1 Microsoft 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more 2024-10-07 7.1 High
Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability
CVE-2023-28220 1 Microsoft 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more 2024-10-07 8.1 High
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
CVE-2024-21420 1 Microsoft 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more 2024-10-07 8.8 High
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21403 1 Microsoft 2 Azure Kubernetes Service, Azure Kubernetes Service Confidential Containers 2024-10-07 9 Critical
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
CVE-2024-21357 1 Microsoft 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more 2024-10-07 8.1 High
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2023-24912 1 Microsoft 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more 2024-10-04 7.8 High
Windows Graphics Component Elevation of Privilege Vulnerability