Filtered by vendor Microsoft
Subscribe
Total
21800 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-37243 | 2 Atera, Microsoft | 2 Agent Package Availability, Windows | 2024-09-05 | N/A | 7.8 HIGH |
| The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\Windows\Temp\Agent.Package.Availability folder inherits permissions from C:\Windows\Temp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges. | |||||
| CVE-2024-7262 | 2 Kingsoft, Microsoft | 2 Wps Office, Windows | 2024-09-05 | N/A | 7.8 HIGH |
| Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document | |||||
| CVE-2024-2881 | 3 Linux, Microsoft, Wolfssl | 3 Linux Kernel, Windows, Wolfssl | 2024-09-04 | N/A | 8.8 HIGH |
| Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure. | |||||
| CVE-2024-1545 | 3 Linux, Microsoft, Wolfssl | 3 Linux Kernel, Windows, Wolfssl | 2024-09-04 | N/A | 8.8 HIGH |
| Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure. | |||||
| CVE-2023-45284 | 2 Golang, Microsoft | 2 Go, Windows | 2024-09-03 | N/A | 5.3 MEDIUM |
| On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local. | |||||
| CVE-2023-22285 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-08-30 | N/A | 7.5 HIGH |
| Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2023-22448 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-08-30 | N/A | 7.2 HIGH |
| Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access. | |||||
| CVE-2022-36374 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2024-08-30 | N/A | 6.7 MEDIUM |
| Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmi Windows 5.27.03.0003 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-24482 | 2 Apktool, Microsoft | 2 Apktool, Windows | 2024-08-29 | N/A | 9.8 CRITICAL |
| Aprktool before 2.9.3 on Windows allows ../ and /.. directory traversal. | |||||
| CVE-2024-25140 | 2 Microsoft, Rustdesk | 2 Windows, Rustdesk | 2024-08-29 | N/A | 9.8 CRITICAL |
| A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor's position is "we do not have EV cert, so we use test cert as a workaround." Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation. | |||||
| CVE-2023-35352 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2024-08-29 | N/A | 7.5 HIGH |
| Windows Remote Desktop Security Feature Bypass Vulnerability | |||||
| CVE-2024-38219 | 1 Microsoft | 1 Edge Chromium | 2024-08-29 | N/A | 9.0 CRITICAL |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2024-37325 | 1 Microsoft | 1 Azure Data Science Virtual Machine | 2024-08-28 | N/A | 8.1 HIGH |
| Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability | |||||
| CVE-2024-43472 | 1 Microsoft | 1 Edge Chromium | 2024-08-28 | N/A | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2023-0213 | 2 M-files, Microsoft | 2 M-files, Windows | 2024-08-28 | N/A | 7.8 HIGH |
| Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking. | |||||
| CVE-2024-7980 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-08-26 | N/A | 7.8 HIGH |
| Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium) | |||||
| CVE-2024-7979 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-08-26 | N/A | 7.8 HIGH |
| Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium) | |||||
| CVE-2024-39745 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more | 2024-08-23 | N/A | 7.5 HIGH |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2024-39744 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more | 2024-08-23 | N/A | 4.3 MEDIUM |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2024-39746 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more | 2024-08-23 | N/A | 5.9 MEDIUM |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||