Filtered by vendor Microsoft
Subscribe
Total
21800 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43584 | 1 Microsoft | 6 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 3 more | 2024-10-16 | N/A | 8.4 HIGH |
| Windows Scripting Engine Security Feature Bypass Vulnerability | |||||
| CVE-2024-43582 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2024-10-16 | N/A | 8.1 HIGH |
| Remote Desktop Protocol Server Remote Code Execution Vulnerability | |||||
| CVE-2024-43481 | 1 Microsoft | 1 Power Bi Report Server | 2024-10-16 | N/A | 8.8 HIGH |
| Power BI Report Server Spoofing Vulnerability | |||||
| CVE-2024-38097 | 1 Microsoft | 1 Azure Monitor Agent | 2024-10-16 | N/A | 7.1 HIGH |
| Azure Monitor Agent Elevation of Privilege Vulnerability | |||||
| CVE-2024-38029 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2024-10-16 | N/A | 7.5 HIGH |
| Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | |||||
| CVE-2024-37976 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-10-16 | N/A | 6.7 MEDIUM |
| Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | |||||
| CVE-2024-37982 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-10-16 | N/A | 7.8 HIGH |
| Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | |||||
| CVE-2024-37979 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2024-10-16 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-41867 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-10-16 | N/A | 5.5 MEDIUM |
| After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-37983 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-10-16 | N/A | 6.7 MEDIUM |
| Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | |||||
| CVE-2022-45052 | 3 Axiell, Linux, Microsoft | 3 Iguana, Linux Kernel, Windows | 2024-10-16 | N/A | 6.5 MEDIUM |
| A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server. | |||||
| CVE-2021-42083 | 3 Linux, Microsoft, Osnexus | 3 Linux Kernel, Windows, Quantastor | 2024-10-16 | N/A | 5.4 MEDIUM |
| An authenticated attacker is able to create alerts that trigger a stored XSS attack. | |||||
| CVE-2024-41858 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2024-10-15 | N/A | 7.8 HIGH |
| InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2017-9511 | 2 Atlassian, Microsoft | 3 Crucible, Fisheye, Windows | 2024-10-15 | 5.0 MEDIUM | 7.5 HIGH |
| The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system. | |||||
| CVE-2024-9469 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2024-10-15 | N/A | 5.5 MEDIUM |
| A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity. | |||||
| CVE-2024-8690 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2024-10-15 | N/A | 4.4 MEDIUM |
| A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity. | |||||
| CVE-2024-36991 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2024-10-15 | N/A | 7.5 HIGH |
| In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows. | |||||
| CVE-2008-1083 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more | 2024-10-15 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability." | |||||
| CVE-2008-4835 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2024-10-15 | 10.0 HIGH | N/A |
| SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability." | |||||
| CVE-2008-4036 | 1 Microsoft | 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more | 2024-10-15 | 7.2 HIGH | N/A |
| Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability." | |||||