Filtered by vendor Microsoft
Subscribe
Total
21800 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26910 | 1 Microsoft | 1 Skype For Business Server | 2024-08-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Skype for Business and Lync Spoofing Vulnerability | |||||
| CVE-2022-22026 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-08-01 | 7.2 HIGH | 8.8 HIGH |
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | |||||
| CVE-2022-44713 | 1 Microsoft | 2 Office, Office Long Term Servicing Channel | 2024-08-01 | N/A | 7.5 HIGH |
| Microsoft Outlook for Mac Spoofing Vulnerability | |||||
| CVE-2021-43237 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2024-08-01 | 6.9 MEDIUM | 7.3 HIGH |
| Windows Setup Elevation of Privilege Vulnerability | |||||
| CVE-2022-30203 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-08-01 | 4.6 MEDIUM | 7.4 HIGH |
| Windows Boot Manager Security Feature Bypass Vulnerability | |||||
| CVE-2022-22049 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-08-01 | 7.2 HIGH | 7.8 HIGH |
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | |||||
| CVE-2022-26821 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-08-01 | 8.5 HIGH | 6.6 MEDIUM |
| Windows DNS Server Remote Code Execution Vulnerability | |||||
| CVE-2022-41039 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-08-01 | N/A | 8.1 HIGH |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||
| CVE-2016-9952 | 2 Haxx, Microsoft | 2 Curl, Windows Embedded Compact | 2024-08-01 | 6.8 MEDIUM | 8.1 HIGH |
| The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by "*.com." | |||||
| CVE-2019-1163 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-08-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the file's signature. To exploit the vulnerability, an attacker could modify a signed CAB file and inject malicious code. The attacker could then convince a target user to execute the file. The update addresses the vulnerability by correcting how Windows validates file signatures. | |||||
| CVE-2019-1164 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-08-01 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. | |||||
| CVE-2019-0965 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-08-01 | 7.7 HIGH | 7.6 HIGH |
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input. | |||||
| CVE-2019-1213 | 1 Microsoft | 1 Windows Server 2008 | 2024-08-01 | 7.5 HIGH | 9.8 CRITICAL |
| A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server. The security update addresses the vulnerability by correcting how DHCP servers handle network packets. | |||||
| CVE-2019-1148 | 1 Microsoft | 9 Office, Windows 10, Windows 7 and 6 more | 2024-08-01 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory. | |||||
| CVE-2024-37973 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-07-31 | N/A | 8.8 HIGH |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-38103 | 1 Microsoft | 1 Edge | 2024-07-30 | N/A | 5.9 MEDIUM |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2024-20753 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-07-22 | N/A | 7.8 HIGH |
| Photoshop Desktop versions 24.7.3, 25.7 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-20652 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-07-19 | N/A | 8.1 HIGH |
| Windows HTML Platforms Security Feature Bypass Vulnerability | |||||
| CVE-2024-21377 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-07-19 | N/A | 5.5 MEDIUM |
| Windows DNS Information Disclosure Vulnerability | |||||
| CVE-2024-6746 | 2 Easyspider, Microsoft | 2 Easyspider, Windows | 2024-07-19 | N/A | 8.8 HIGH |
| A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input /../../../../../../../../../Windows/win.ini leads to path traversal: '../filedir'. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The identifier VDB-271477 was assigned to this vulnerability. NOTE: The code maintainer explains, that this is not a big issue "because the default is that the software runs locally without going through the Internet". | |||||