Filtered by vendor Microsoft
Subscribe
Total
21800 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12615 | 4 Apache, Microsoft, Netapp and 1 more | 23 Tomcat, Windows, 7-mode Transition Tool and 20 more | 2025-03-13 | 6.8 MEDIUM | 8.1 HIGH |
| When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. | |||||
| CVE-2015-2425 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows 8.1 and 3 more | 2025-03-13 | 9.3 HIGH | 8.8 HIGH |
| Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2384. | |||||
| CVE-2015-0071 | 1 Microsoft | 9 Internet Explorer, Windows 7, Windows 8 and 6 more | 2025-03-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | |||||
| CVE-2025-24984 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-03-13 | N/A | 4.6 MEDIUM |
| Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack. | |||||
| CVE-2025-24983 | 1 Microsoft | 5 Windows 10 1507, Windows 10 1607, Windows Server 2008 and 2 more | 2025-03-13 | N/A | 7.0 HIGH |
| Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2013-2251 | 5 Apache, Fujitsu, Microsoft and 2 more | 21 Archiva, Struts, Gp-s and 18 more | 2025-03-13 | 9.3 HIGH | 9.8 CRITICAL |
| Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix. | |||||
| CVE-2025-26643 | 1 Microsoft | 1 Edge Chromium | 2025-03-13 | N/A | 5.4 MEDIUM |
| The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2020-0878 | 1 Microsoft | 19 Chakracore, Edge, Internet Explorer and 16 more | 2025-03-13 | 5.1 MEDIUM | N/A |
| <p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.</p> <p>The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.</p> | |||||
| CVE-2024-9965 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-03-13 | N/A | 8.8 HIGH |
| Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2019-1429 | 1 Microsoft | 14 Internet Explorer, Windows 10 1507, Windows 10 1607 and 11 more | 2025-03-13 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428. | |||||
| CVE-2021-31207 | 1 Microsoft | 1 Exchange Server | 2025-03-13 | 6.5 MEDIUM | N/A |
| Microsoft Exchange Server Security Feature Bypass Vulnerability | |||||
| CVE-2021-31166 | 1 Microsoft | 4 Windows 10 2004, Windows 10 20h2, Windows Server 2004 and 1 more | 2025-03-13 | 7.5 HIGH | N/A |
| HTTP Protocol Stack Remote Code Execution Vulnerability | |||||
| CVE-2021-28310 | 1 Microsoft | 9 Windows 10 1803, Windows 10 1809, Windows 10 1909 and 6 more | 2025-03-13 | 4.6 MEDIUM | N/A |
| Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2021-26411 | 1 Microsoft | 16 Edge, Internet Explorer, Windows 10 1507 and 13 more | 2025-03-13 | 5.1 MEDIUM | N/A |
| Internet Explorer Memory Corruption Vulnerability | |||||
| CVE-2021-40449 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-03-13 | 4.6 MEDIUM | N/A |
| Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2021-36741 | 2 Microsoft, Trendmicro | 5 Windows, Apex One, Officescan and 2 more | 2025-03-13 | 6.5 MEDIUM | 8.8 HIGH |
| An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product?s management console in order to exploit this vulnerability. | |||||
| CVE-2021-29669 | 3 Ibm, Linux, Microsoft | 3 Jazz Foundation, Linux Kernel, Windows | 2025-03-13 | N/A | 5.4 MEDIUM |
| IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2023-4863 | 9 Bandisoft, Bentley, Debian and 6 more | 12 Honeyview, Seequent Leapfrog, Debian Linux and 9 more | 2025-03-13 | N/A | 8.8 HIGH |
| Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2023-24955 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2025-03-13 | N/A | 7.2 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2023-21823 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-03-13 | N/A | 7.8 HIGH |
| Windows Graphics Component Remote Code Execution Vulnerability | |||||