Filtered by vendor Microsoft
Subscribe
Total
22989 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-38183 | 1 Microsoft | 1 Groupme | 2024-12-31 | N/A | 9.8 CRITICAL |
|
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network.
|
|||||
| CVE-2024-20661 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-12-31 | N/A | 7.5 HIGH |
|
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
|
|||||
| CVE-2022-43842 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2024-12-31 | N/A | 8.6 HIGH |
|
IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 239079.
|
|||||
| CVE-2024-21439 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-27 | N/A | 7.0 HIGH |
|
Windows Telephony Server Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-21437 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-27 | N/A | 7.8 HIGH |
|
Windows Graphics Component Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-21435 | 1 Microsoft | 2 Windows 11 22h2, Windows 11 23h2 | 2024-12-27 | N/A | 8.8 HIGH |
|
Windows OLE Remote Code Execution Vulnerability
|
|||||
| CVE-2024-21421 | 1 Microsoft | 1 Azure Software Development Kit | 2024-12-27 | N/A | 7.5 HIGH |
|
Azure SDK Spoofing Vulnerability
|
|||||
| CVE-2024-26170 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more | 2024-12-27 | N/A | 7.8 HIGH |
|
Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-26165 | 1 Microsoft | 1 Visual Studio Code | 2024-12-27 | N/A | 8.8 HIGH |
|
Visual Studio Code Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-26160 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows Server 2022 23h2 | 2024-12-27 | N/A | 5.5 MEDIUM |
|
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
|
|||||
| CVE-2024-21446 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-27 | N/A | 7.8 HIGH |
|
NTFS Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-21445 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more | 2024-12-27 | N/A | 7.0 HIGH |
|
Windows USB Print Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-21443 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-12-27 | N/A | 7.3 HIGH |
|
Windows Kernel Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-26177 | 1 Microsoft | 7 Windows 10 1507, Windows 10 1607, Windows 11 23h2 and 4 more | 2024-12-27 | N/A | 5.5 MEDIUM |
|
Windows Kernel Information Disclosure Vulnerability
|
|||||
| CVE-2024-26176 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-27 | N/A | 7.8 HIGH |
|
Windows Kernel Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-26174 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-27 | N/A | 5.5 MEDIUM |
|
Windows Kernel Information Disclosure Vulnerability
|
|||||
| CVE-2024-26173 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-27 | N/A | 7.8 HIGH |
|
Windows Kernel Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-26197 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2024-12-27 | N/A | 6.5 MEDIUM |
|
Windows Standards-Based Storage Management Service Denial of Service Vulnerability
|
|||||
| CVE-2024-26190 | 1 Microsoft | 8 .net, Powershell, Visual Studio 2022 and 5 more | 2024-12-27 | N/A | 7.5 HIGH |
|
Microsoft QUIC Denial of Service Vulnerability
|
|||||
| CVE-2024-26185 | 1 Microsoft | 2 Windows 11 22h2, Windows 11 23h2 | 2024-12-27 | N/A | 6.5 MEDIUM |
|
Windows Compressed Folder Tampering Vulnerability
|
|||||
| CVE-2024-26182 | 1 Microsoft | 6 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 3 more | 2024-12-27 | N/A | 7.8 HIGH |
|
Windows Kernel Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-26181 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-27 | N/A | 5.5 MEDIUM |
|
Windows Kernel Denial of Service Vulnerability
|
|||||
| CVE-2024-26178 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 21h2 and 9 more | 2024-12-27 | N/A | 7.8 HIGH |
|
Windows Kernel Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-21330 | 1 Microsoft | 8 Azure Automation, Azure Automation Update Management, Azure Security Center and 5 more | 2024-12-27 | N/A | 7.8 HIGH |
|
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-21436 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-27 | N/A | 7.8 HIGH |
|
Windows Installer Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-5495 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-12-26 | N/A | 8.8 HIGH |
|
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-5494 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-12-26 | N/A | 8.8 HIGH |
|
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-6292 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-12-26 | N/A | 8.8 HIGH |
|
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-6293 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-12-26 | N/A | 8.8 HIGH |
|
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-8975 | 2 Grafana, Microsoft | 2 Alloy, Windows | 2024-12-26 | N/A | 7.3 HIGH |
|
Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM
This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-rc.1.
|
|||||
| CVE-2024-5160 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-12-20 | N/A | 8.8 HIGH |
|
Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-49513 | 4 Adobe, Apple, Linux and 1 more | 4 Pdf Library Sdk, Macos, Linux Kernel and 1 more | 2024-12-19 | N/A | 7.8 HIGH |
|
PDFL SDK versions 21.0.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-3841 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-12-19 | N/A | 6.1 MEDIUM |
|
Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium)
|
|||||
| CVE-2024-49543 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-12-18 | N/A | 7.8 HIGH |
|
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-49544 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-12-18 | N/A | 7.8 HIGH |
|
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-49545 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-12-18 | N/A | 7.8 HIGH |
|
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-49546 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-12-18 | N/A | 5.5 MEDIUM |
|
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-49547 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-12-18 | N/A | 5.5 MEDIUM |
|
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-49548 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-12-18 | N/A | 5.5 MEDIUM |
|
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-49549 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-12-18 | N/A | 5.5 MEDIUM |
|
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||