Filtered by vendor Microsoft
Subscribe
Total
21800 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-18169 | 2 Microsoft, Techsmith | 2 Windows, Snagit | 2024-08-04 | 4.4 MEDIUM | 7.8 HIGH |
| A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details | |||||
| CVE-2022-29583 | 2 Microsoft, Service Project | 2 Windows, Service | 2024-08-03 | 4.6 MEDIUM | 7.8 HIGH |
| service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory. NOTE: this finding could not be reproduced by its original reporter or by others. | |||||
| CVE-2022-3734 | 2 Microsoft, Redis | 2 Windows, Redis | 2024-08-03 | N/A | 9.8 CRITICAL |
| A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-212416. NOTE: The official Redis release is not affected. This issue might affect an unofficial fork or port on Windows only. | |||||
| CVE-2023-51750 | 2 Microsoft, Scalefusion | 2 Windows, Scalefusion | 2024-08-02 | N/A | 4.6 MEDIUM |
| ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules." | |||||
| CVE-2024-20783 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-08-02 | N/A | 7.8 HIGH |
| InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-20785 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-08-02 | N/A | 7.8 HIGH |
| InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-20782 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-08-02 | N/A | 7.8 HIGH |
| InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-20781 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-08-02 | N/A | 7.8 HIGH |
| InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-32783 | 2 Microsoft, Zohocorp | 2 Windows, Manageengine Adaudit Plus | 2024-08-02 | N/A | 7.5 HIGH |
| The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. NOTE: the vendor states "We do not consider this as a security bug and it's an expected behaviour." | |||||
| CVE-2023-24069 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2024-08-02 | N/A | 3.3 LOW |
| Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.) NOTE: the vendor disputes the relevance of this finding because the product is not intended to protect against adversaries with this degree of local access. | |||||
| CVE-2023-24023 | 2 Bluetooth, Microsoft | 10 Bluetooth Core Specification, Windows 10 1809, Windows 10 21h2 and 7 more | 2024-08-01 | N/A | 6.8 MEDIUM |
| Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS. | |||||
| CVE-2024-33879 | 2 Microsoft, Virtosoftware | 2 Sharepoint Server, Sharepoint Bulk File Download | 2024-08-01 | N/A | 9.8 CRITICAL |
| An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download and deletion via absolute path traversal in the path parameter. | |||||
| CVE-2023-46223 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-08-01 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-28270 | 1 Microsoft | 8 Windows 10 1809, Windows 10 20h2, Windows 10 21h2 and 5 more | 2024-08-01 | N/A | 6.8 MEDIUM |
| Windows Lock Screen Security Feature Bypass Vulnerability | |||||
| CVE-2023-28249 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-08-01 | N/A | 6.8 MEDIUM |
| Windows Boot Manager Security Feature Bypass Vulnerability | |||||
| CVE-2023-28232 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-08-01 | N/A | 7.5 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||
| CVE-2023-32020 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-08-01 | N/A | 5.6 MEDIUM |
| Windows DNS Spoofing Vulnerability | |||||
| CVE-2023-24932 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-08-01 | N/A | 6.7 MEDIUM |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2022-24540 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-08-01 | 4.4 MEDIUM | 7.0 HIGH |
| Windows ALPC Elevation of Privilege Vulnerability | |||||
| CVE-2021-40456 | 1 Microsoft | 3 Windows Server, Windows Server 2019, Windows Server 2022 | 2024-08-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Windows AD FS Security Feature Bypass Vulnerability | |||||