Filtered by vendor Microsoft
Subscribe
Search
Total
6671 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35641 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2023-12-15 | N/A | 8.8 HIGH |
| Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | |||||
| CVE-2023-47075 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2023-12-14 | N/A | 7.8 HIGH |
| Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47074 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2023-12-14 | N/A | 7.8 HIGH |
| Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47063 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2023-12-14 | N/A | 7.8 HIGH |
| Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-36391 | 1 Microsoft | 1 Windows 11 23h2 | 2023-12-14 | N/A | 7.8 HIGH |
| Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-35638 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2023-12-14 | N/A | 7.5 HIGH |
| DHCP Server Service Denial of Service Vulnerability | |||||
| CVE-2023-35624 | 1 Microsoft | 1 Azure Connected Machine Agent | 2023-12-14 | N/A | 7.3 HIGH |
| Azure Connected Machine Agent Elevation of Privilege Vulnerability | |||||
| CVE-2023-35622 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2023-12-14 | N/A | 7.5 HIGH |
| Windows DNS Spoofing Vulnerability | |||||
| CVE-2023-35628 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2023-12-14 | N/A | 8.1 HIGH |
| Windows MSHTML Platform Remote Code Execution Vulnerability | |||||
| CVE-2023-36696 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2023-12-14 | N/A | 7.8 HIGH |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||
| CVE-2023-35632 | 1 Microsoft | 9 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 6 more | 2023-12-14 | N/A | 7.8 HIGH |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||||
| CVE-2023-35631 | 1 Microsoft | 4 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 1 more | 2023-12-14 | N/A | 7.8 HIGH |
| Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2023-35630 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2023-12-14 | N/A | 8.8 HIGH |
| Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | |||||
| CVE-2023-35634 | 1 Microsoft | 3 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 | 2023-12-14 | N/A | 8.8 HIGH |
| Windows Bluetooth Driver Remote Code Execution Vulnerability | |||||
| CVE-2023-48677 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2023-12-14 | N/A | 7.8 HIGH |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901. | |||||
| CVE-2023-32028 | 1 Microsoft | 2 Ole Db Driver For Sql Server, Sql Server | 2023-12-14 | N/A | 7.8 HIGH |
| Microsoft SQL OLE DB Remote Code Execution Vulnerability | |||||
| CVE-2023-45283 | 2 Golang, Microsoft | 2 Go, Windows | 2023-12-14 | N/A | 7.5 HIGH |
| The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example, the path \??\c:\x is equivalent to the more common path c:\x. Before fix, Clean could convert a rooted path such as \a\..\??\b into the root local device path \??\b. Clean will now convert this to .\??\b. Similarly, Join(\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \??\b. Join will now convert this to \.\??\b. In addition, with fix, IsAbs now correctly reports paths beginning with \??\ as absolute, and VolumeName correctly reports the \??\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \?, resulting in filepath.Clean(\?\c:) returning \?\c: rather than \?\c:\ (among other effects). The previous behavior has been restored. | |||||
| CVE-2023-36585 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1809, Windows 10 21h1 and 8 more | 2023-12-14 | N/A | 7.5 HIGH |
| Windows upnphost.dll Denial of Service Vulnerability | |||||
| CVE-2022-24464 | 2 Fedoraproject, Microsoft | 5 Fedora, .net, .net Core and 2 more | 2023-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| .NET and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2022-24767 | 2 Git For Windows Project, Microsoft | 4 Git For Windows, Visual Studio 2017, Visual Studio 2019 and 1 more | 2023-12-13 | 6.9 MEDIUM | 7.8 HIGH |
| GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account. | |||||
| CVE-2023-21808 | 1 Microsoft | 25 .net, .net Framework, Visual Studio 2017 and 22 more | 2023-12-13 | N/A | 7.8 HIGH |
| .NET and Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2023-28296 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2023-12-13 | N/A | 7.8 HIGH |
| Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2023-33170 | 2 Fedoraproject, Microsoft | 3 Fedora, .net, Visual Studio 2022 | 2023-12-13 | N/A | 8.1 HIGH |
| ASP.NET and Visual Studio Security Feature Bypass Vulnerability | |||||
| CVE-2023-33127 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2023-12-13 | N/A | 8.1 HIGH |
| .NET and Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2023-48861 | 2 Baidu, Microsoft | 2 Ttplayer, Windows | 2023-12-11 | N/A | 7.8 HIGH |
| DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll. | |||||
| CVE-2023-45252 | 2 Huddly, Microsoft | 2 Huddlycameraservice, Windows | 2023-12-08 | N/A | 7.8 HIGH |
| DLL Hijacking vulnerability in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, due to the installation of the service in a directory that grants write privileges to standard users, allows attackers to manipulate files, execute arbitrary code, and escalate privileges. | |||||
| CVE-2023-45253 | 2 Huddly, Microsoft | 2 Huddlycameraservices, Windows | 2023-12-08 | N/A | 7.8 HIGH |
| An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library. | |||||
| CVE-2019-0232 | 2 Apache, Microsoft | 2 Tomcat, Windows | 2023-12-08 | 9.3 HIGH | 8.1 HIGH |
| When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/). | |||||
| CVE-2023-41613 | 2 Ezviz, Microsoft | 2 Ezviz Studio, Windows | 2023-12-07 | N/A | 7.8 HIGH |
| EzViz Studio v2.2.0 is vulnerable to DLL hijacking. | |||||
| CVE-2023-47701 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-07 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166. | |||||
| CVE-2023-38727 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-07 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257. | |||||
| CVE-2023-40687 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2023-12-07 | N/A | 7.5 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809. | |||||
| CVE-2023-4770 | 2 4d, Microsoft | 3 4d, Server, Windows | 2023-12-06 | N/A | 7.8 HIGH |
| An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution. | |||||
| CVE-2023-44330 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2023-12-05 | N/A | 7.8 HIGH |
| Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-38268 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-12-04 | N/A | 8.8 HIGH |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585. | |||||
| CVE-2023-40699 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-12-04 | N/A | 7.5 HIGH |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161. | |||||
| CVE-2023-47047 | 3 Adobe, Apple, Microsoft | 3 Audition, Macos, Windows | 2023-12-04 | N/A | 7.8 HIGH |
| Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-47264 | 4 Apple, Linux, Microsoft and 1 more | 10 Macos, Linux Kernel, Windows and 7 more | 2023-12-01 | N/A | 7.5 HIGH |
| Certain WithSecure products have a buffer over-read whereby processing certain fuzz file types may cause a denial of service (DoS). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later. | |||||
| CVE-2023-49322 | 4 Apple, F-secure, Linux and 1 more | 10 Macos, Atlant, Client Security and 7 more | 2023-12-01 | N/A | 7.5 HIGH |
| Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1. | |||||
| CVE-2023-47263 | 4 Apple, Linux, Microsoft and 1 more | 10 Macos, Linux Kernel, Windows and 7 more | 2023-12-01 | N/A | 7.5 HIGH |
| Certain WithSecure products allow a Denial of Service (DoS) in the antivirus engine when scanning a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later. | |||||
| CVE-2023-3676 | 2 Kubernetes, Microsoft | 2 Kubernetes, Windows | 2023-11-30 | N/A | 8.8 HIGH |
| A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. | |||||
| CVE-2023-27305 | 2 Intel, Microsoft | 3 Arc A Graphics, Iris Xe Graphics, Windows | 2023-11-30 | N/A | 7.8 HIGH |
| Incorrect default permissions in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-38156 | 1 Microsoft | 1 Azure Hdinsights | 2023-11-30 | N/A | 7.2 HIGH |
| Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability | |||||
| CVE-2023-28378 | 2 Intel, Microsoft | 4 Quickassist Technology, Quickassist Technology Firmware, Quickassist Technology Library and 1 more | 2023-11-30 | N/A | 7.8 HIGH |
| Improper authorization in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-36038 | 1 Microsoft | 3 .net, Asp.net Core, Visual Studio 2022 | 2023-11-30 | N/A | 7.5 HIGH |
| ASP.NET Core Denial of Service Vulnerability | |||||
| CVE-2023-28401 | 2 Intel, Microsoft | 3 Arc A Graphics, Iris Xe Graphics, Windows | 2023-11-30 | N/A | 7.8 HIGH |
| Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-28741 | 2 Intel, Microsoft | 4 Quickassist Technology, Quickassist Technology Firmware, Quickassist Technology Library and 1 more | 2023-11-30 | N/A | 7.8 HIGH |
| Buffer overflow in some Intel(R) QAT drivers for Windows - HW Version 1.0 before version 1.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-28740 | 2 Intel, Microsoft | 4 Quickassist Technology, Quickassist Technology Firmware, Quickassist Technology Library and 1 more | 2023-11-30 | N/A | 7.8 HIGH |
| Uncontrolled search path element in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-29165 | 2 Intel, Microsoft | 3 Arc A Graphics, Iris Xe Graphics, Windows | 2023-11-30 | N/A | 7.3 HIGH |
| Unquoted search path or element in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-39246 | 2 Dell, Microsoft | 4 Encryption, Endpoint Security Suite Enterprise, Security Management Server and 1 more | 2023-11-29 | N/A | 7.3 HIGH |
| Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation | |||||