Filtered by vendor Microsoft
Subscribe
Total
21800 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21315 | 1 Microsoft | 3 Windows 11 24h2, Windows Server 2022 23h2, Windows Server 2025 | 2025-01-22 | N/A | 7.8 HIGH |
| Microsoft Brokering File System Elevation of Privilege Vulnerability | |||||
| CVE-2024-49054 | 1 Microsoft | 1 Edge Chromium | 2025-01-21 | N/A | N/A |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2012-1872 | 1 Microsoft | 4 Internet Explorer, Windows 7, Windows Vista and 1 more | 2025-01-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability." | |||||
| CVE-2010-5159 | 2 Drweb, Microsoft | 2 Web Security Space, Windows Xp | 2025-01-21 | 6.2 MEDIUM | N/A |
| Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute | |||||
| CVE-2012-0175 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2025-01-21 | 9.3 HIGH | N/A |
| The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability." | |||||
| CVE-2010-5181 | 2 Gfi, Microsoft | 2 Vipre Antivirus, Windows Xp | 2025-01-21 | 6.2 MEDIUM | N/A |
| Race condition in VIPRE Antivirus Premium 4.0.3272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute | |||||
| CVE-2010-5169 | 2 Emisoft, Microsoft | 2 Online Armor, Windows Xp | 2025-01-21 | 6.2 MEDIUM | N/A |
| Race condition in Online Armor Premium 4.0.0.35 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute | |||||
| CVE-2012-0180 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2025-01-21 | 7.2 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability." | |||||
| CVE-2023-33240 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-01-21 | N/A | 7.8 HIGH |
| Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2. | |||||
| CVE-2025-21339 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-21 | N/A | N/A |
| Windows Telephony Service Remote Code Execution Vulnerability | |||||
| CVE-2025-21338 | 1 Microsoft | 16 Office, Windows 10 1507, Windows 10 1607 and 13 more | 2025-01-21 | N/A | N/A |
| GDI+ Remote Code Execution Vulnerability | |||||
| CVE-2025-21330 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-01-21 | N/A | N/A |
| Windows Remote Desktop Services Denial of Service Vulnerability | |||||
| CVE-2025-21331 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-21 | N/A | N/A |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2025-21332 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-21 | N/A | 8.8 HIGH |
| MapUrlToZone Security Feature Bypass Vulnerability | |||||
| CVE-2025-21344 | 1 Microsoft | 1 Sharepoint Server | 2025-01-21 | N/A | 7.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2025-21343 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 | 2025-01-21 | N/A | N/A |
| Windows Web Threat Defense User Service Information Disclosure Vulnerability | |||||
| CVE-2025-21341 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-21 | N/A | N/A |
| Windows Digital Media Elevation of Privilege Vulnerability | |||||
| CVE-2025-21340 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-01-21 | N/A | N/A |
| Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability | |||||
| CVE-2025-21354 | 1 Microsoft | 3 365 Apps, Office, Office Online Server | 2025-01-21 | N/A | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2025-21348 | 1 Microsoft | 1 Sharepoint Server | 2025-01-21 | N/A | 7.2 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||