Filtered by vendor Microsoft
Subscribe
Total
21800 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43230 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows NTFS Elevation of Privilege Vulnerability | |||||
| CVE-2021-42294 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-28 | 6.5 MEDIUM | 7.2 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2021-43226 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-28 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2022-24765 | 5 Apple, Debian, Fedoraproject and 2 more | 5 Xcode, Debian Linux, Fedora and 2 more | 2023-12-27 | 6.9 MEDIUM | 7.8 HIGH |
| Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`. | |||||
| CVE-2023-38719 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 4.4 MEDIUM |
| IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. IBM X-Force ID: 261607. | |||||
| CVE-2023-40373 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574. | |||||
| CVE-2023-40372 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499. | |||||
| CVE-2023-40374 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575. | |||||
| CVE-2023-38720 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616. | |||||
| CVE-2023-38740 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613. | |||||
| CVE-2023-38728 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258. | |||||
| CVE-2023-30987 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440. | |||||
| CVE-2023-30991 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037. | |||||
| CVE-2023-47704 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2023-12-22 | N/A | 7.5 HIGH |
| IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220. | |||||
| CVE-2023-47706 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2023-12-22 | N/A | 8.8 HIGH |
| IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341. | |||||
| CVE-2023-47702 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2023-12-22 | N/A | 9.1 CRITICAL |
| IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view modify files on the system. IBM X-Force ID: 271196. | |||||
| CVE-2023-47703 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2023-12-22 | N/A | 5.3 MEDIUM |
| IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 271197. | |||||
| CVE-2023-47705 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2023-12-22 | N/A | 4.3 MEDIUM |
| IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. IBM X-Force ID: 271228. | |||||
| CVE-2023-47707 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2023-12-22 | N/A | 5.4 MEDIUM |
| IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271522. | |||||
| CVE-2023-46264 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. | |||||