Filtered by vendor Microsoft
Subscribe
Total
22989 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-49085 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-01-08 | N/A | 8.8 HIGH |
|
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
|
|||||
| CVE-2024-49084 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-08 | N/A | 7.0 HIGH |
|
Windows Kernel Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-21442 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more | 2025-01-07 | N/A | 7.8 HIGH |
|
Windows USB Print Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-28906 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
|
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-28908 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
|
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-28909 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
|
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-28910 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
|
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-28911 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
|
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-28912 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
|
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-28913 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
|
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-28914 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
|
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-28915 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
|
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-28917 | 1 Microsoft | 7 Azure Arc Extension Microsoft.azstackhci.operator, Azure Arc Extension Microsoft.azure.hybridnetwork, Azure Arc Extension Microsoft.azurekeyvaultsecretsprovider and 4 more | 2025-01-07 | N/A | 6.2 MEDIUM |
|
Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-41718 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | N/A | 7.8 HIGH |
|
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.
|
|||||
| CVE-2023-38543 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | N/A | 7.8 HIGH |
|
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine.
|
|||||
| CVE-2023-35080 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | N/A | 7.8 HIGH |
|
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure.
|
|||||
| CVE-2022-31693 | 2 Microsoft, Vmware | 2 Windows, Tools | 2025-01-07 | N/A | 5.5 MEDIUM |
|
VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.
|
|||||
| CVE-2024-43577 | 1 Microsoft | 1 Edge Chromium | 2025-01-07 | N/A | 4.3 MEDIUM |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
|||||
| CVE-2024-49056 | 1 Microsoft | 1 Airlift Microsoft Com | 2025-01-07 | N/A | 7.3 HIGH |
|
Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network.
|
|||||
| CVE-2024-43613 | 1 Microsoft | 1 Azure Database For Postgresql Flexible Server | 2025-01-07 | N/A | 7.2 HIGH |
|
Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-49042 | 1 Microsoft | 1 Azure Database For Postgresql Flexible Server | 2025-01-07 | N/A | 7.2 HIGH |
|
Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-49025 | 1 Microsoft | 1 Edge Chromium | 2025-01-07 | N/A | 5.4 MEDIUM |
|
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
|
|||||
| CVE-2024-37980 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2025-01-07 | N/A | 8.8 HIGH |
|
Microsoft SQL Server Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-43474 | 1 Microsoft | 2 Sql Server 2017, Sql Server 2019 | 2025-01-07 | N/A | 7.6 HIGH |
|
Microsoft SQL Server Information Disclosure Vulnerability
|
|||||
| CVE-2024-45073 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Websphere Application Server and 4 more | 2025-01-07 | N/A | 4.8 MEDIUM |
|
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
|
|||||
| CVE-2024-29981 | 1 Microsoft | 1 Edge Chromium | 2025-01-06 | N/A | 4.3 MEDIUM |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
|||||
| CVE-2024-29049 | 1 Microsoft | 1 Edge Chromium | 2025-01-06 | N/A | 4.1 MEDIUM |
|
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
|
|||||
| CVE-2023-34367 | 1 Microsoft | 1 Windows 7 | 2025-01-06 | N/A | 6.5 MEDIUM |
|
Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in Windows 7 (any Windows until Windows 8) and in any implementation of TCP/IP, which is vulnerable to the Idle scan attack (including many IoT devices). NOTE: The vendor considers this a low severity issue.
|
|||||
| CVE-2019-16283 | 2 Hp, Microsoft | 2 Softpaq Installer, Windows | 2025-01-06 | N/A | 7.8 HIGH |
|
A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution.
|
|||||
| CVE-2024-12108 | 2 Microsoft, Progress | 2 Windows, Whatsup Gold | 2025-01-06 | N/A | 9.6 CRITICAL |
|
In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API.
|
|||||
| CVE-2024-20665 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-06 | N/A | 6.1 MEDIUM |
|
BitLocker Security Feature Bypass Vulnerability
|
|||||
| CVE-2023-5528 | 3 Fedoraproject, Kubernetes, Microsoft | 3 Fedora, Kubernetes, Windows | 2025-01-03 | N/A | 7.2 HIGH |
|
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.
|
|||||
| CVE-2022-44708 | 1 Microsoft | 2 Edge, Edge Chromium | 2025-01-02 | N/A | 8.3 HIGH |
|
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-44704 | 1 Microsoft | 1 Windows Sysmon | 2025-01-02 | N/A | 7.8 HIGH |
|
Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-44702 | 1 Microsoft | 3 Terminal, Windows 10, Windows 11 | 2025-01-02 | N/A | 7.8 HIGH |
|
Windows Terminal Remote Code Execution Vulnerability
|
|||||
| CVE-2022-44688 | 1 Microsoft | 1 Edge Chromium | 2025-01-02 | N/A | 4.3 MEDIUM |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
|||||
| CVE-2022-41115 | 1 Microsoft | 1 Edge Chromium | 2025-01-02 | N/A | 6.6 MEDIUM |
|
Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-41089 | 1 Microsoft | 11 .net Framework, Windows 10, Windows 11 and 8 more | 2025-01-02 | N/A | 7.8 HIGH |
|
.NET Framework Remote Code Execution Vulnerability
|
|||||
| CVE-2022-41083 | 1 Microsoft | 1 Jupyter | 2025-01-02 | N/A | 7.8 HIGH |
|
Visual Studio Code Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-41081 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-01-02 | N/A | 8.1 HIGH |
|
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
|
|||||