Filtered by vendor Microsoft
Subscribe
Search
Total
2970 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26414 | 1 Microsoft | 10 Windows 10, Windows 7, Windows 8.1 and 7 more | 2023-08-01 | 4.3 MEDIUM | 4.8 MEDIUM |
| Windows DCOM Server Security Feature Bypass | |||||
| CVE-2021-31960 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-08-01 | 2.1 LOW | 5.5 MEDIUM |
| Windows Bind Filter Driver Information Disclosure Vulnerability | |||||
| CVE-2021-31957 | 2 Fedoraproject, Microsoft | 4 Fedora, .net, .net Core and 1 more | 2023-08-01 | 5.0 MEDIUM | 5.9 MEDIUM |
| ASP.NET Denial of Service Vulnerability | |||||
| CVE-2021-31965 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2023-08-01 | 4.0 MEDIUM | 5.7 MEDIUM |
| Microsoft SharePoint Server Information Disclosure Vulnerability | |||||
| CVE-2021-31955 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-08-01 | 2.1 LOW | 5.5 MEDIUM |
| Windows Kernel Information Disclosure Vulnerability | |||||
| CVE-2021-40454 | 1 Microsoft | 11 365 Apps, Office, Windows 10 and 8 more | 2023-08-01 | 2.1 LOW | 5.5 MEDIUM |
| Rich Text Edit Control Information Disclosure Vulnerability | |||||
| CVE-2021-31978 | 1 Microsoft | 1 Malware Protection Engine | 2023-08-01 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft Defender Denial of Service Vulnerability | |||||
| CVE-2021-31972 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2023-08-01 | 2.1 LOW | 5.5 MEDIUM |
| Event Tracing for Windows Information Disclosure Vulnerability | |||||
| CVE-2021-40460 | 1 Microsoft | 11 Windows 10, Windows 11, Windows 7 and 8 more | 2023-08-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability | |||||
| CVE-2021-31970 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2023-08-01 | 2.1 LOW | 5.5 MEDIUM |
| Windows TCP/IP Driver Security Feature Bypass Vulnerability | |||||
| CVE-2021-40468 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2016 and 1 more | 2023-08-01 | 2.1 LOW | 5.5 MEDIUM |
| Windows Bind Filter Driver Information Disclosure Vulnerability | |||||
| CVE-2021-41353 | 1 Microsoft | 1 Dynamics 365 | 2023-08-01 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | |||||
| CVE-2021-41350 | 1 Microsoft | 1 Exchange Server | 2023-08-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft Exchange Server Spoofing Vulnerability | |||||
| CVE-2021-41343 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-01 | 2.1 LOW | 5.5 MEDIUM |
| Windows Fast FAT File System Driver Information Disclosure Vulnerability | |||||
| CVE-2021-41346 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-08-01 | 4.6 MEDIUM | 5.3 MEDIUM |
| Console Window Host Security Feature Bypass Vulnerability | |||||
| CVE-2021-41337 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2023-08-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| Active Directory Security Feature Bypass Vulnerability | |||||
| CVE-2021-41339 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2016 and 1 more | 2023-08-01 | 4.6 MEDIUM | 4.7 MEDIUM |
| Microsoft DWM Core Library Elevation of Privilege Vulnerability | |||||
| CVE-2021-40472 | 1 Microsoft | 6 365 Apps, Excel, Office and 3 more | 2023-08-01 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft Excel Information Disclosure Vulnerability | |||||
| CVE-2023-33144 | 1 Microsoft | 1 Visual Studio Code | 2023-08-01 | N/A | 6.6 MEDIUM |
| Visual Studio Code Spoofing Vulnerability | |||||
| CVE-2023-32020 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2023-08-01 | N/A | 5.6 MEDIUM |
| Windows DNS Spoofing Vulnerability | |||||
| CVE-2023-32013 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2023-08-01 | N/A | 5.3 MEDIUM |
| Windows Hyper-V Denial of Service Vulnerability | |||||
| CVE-2021-42307 | 1 Microsoft | 1 Edge Chromium | 2023-08-01 | N/A | 4.3 MEDIUM |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2023-35392 | 1 Microsoft | 1 Edge Chromium | 2023-08-01 | N/A | 4.7 MEDIUM |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2023-38173 | 1 Microsoft | 1 Edge Chromium | 2023-08-01 | N/A | 4.3 MEDIUM |
| Microsoft Edge for Android Spoofing Vulnerability | |||||
| CVE-2023-38187 | 1 Microsoft | 1 Edge Chromium | 2023-08-01 | N/A | 6.5 MEDIUM |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2023-23487 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Db2, Linux Kernel and 2 more | 2023-07-31 | N/A | 4.3 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918. | |||||
| CVE-2023-29256 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-07-31 | N/A | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046. | |||||
| CVE-2023-29260 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Sterling Connect\, Linux Kernel and 2 more | 2023-07-28 | N/A | 5.4 MEDIUM |
| IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135. | |||||
| CVE-2023-35900 | 3 Ibm, Microsoft, Redhat | 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more | 2023-07-28 | N/A | 5.3 MEDIUM |
| IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368. | |||||
| CVE-2023-35898 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-07-28 | N/A | 6.5 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: 259352. | |||||
| CVE-2023-29259 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Sterling Connect\, Linux Kernel and 2 more | 2023-07-28 | N/A | 5.3 MEDIUM |
| IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055. | |||||
| CVE-2023-24896 | 1 Microsoft | 1 Dynamics 365 | 2023-07-27 | N/A | 5.4 MEDIUM |
| Dynamics 365 Finance Spoofing Vulnerability | |||||
| CVE-2023-37142 | 1 Microsoft | 1 Chakracore | 2023-07-27 | N/A | 5.5 MEDIUM |
| ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees(). | |||||
| CVE-2023-37143 | 1 Microsoft | 1 Chakracore | 2023-07-27 | N/A | 5.5 MEDIUM |
| ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function BackwardPass::IsEmptyLoopAfterMemOp(). | |||||
| CVE-2023-37140 | 1 Microsoft | 1 Chakracore | 2023-07-27 | N/A | 5.5 MEDIUM |
| ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::DiagScopeVariablesWalker::GetChildrenCount(). | |||||
| CVE-2023-37139 | 1 Microsoft | 1 Chakracore | 2023-07-27 | N/A | 5.5 MEDIUM |
| ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability via the function Js::ScopeSlots::IsDebuggerScopeSlotArray(). | |||||
| CVE-2023-37141 | 1 Microsoft | 1 Chakracore | 2023-07-27 | N/A | 5.5 MEDIUM |
| ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray(). | |||||
| CVE-2023-33857 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-07-26 | N/A | 5.3 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. IBM X-Force ID: 257695. | |||||
| CVE-2023-35901 | 3 Ibm, Microsoft, Redhat | 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more | 2023-07-26 | N/A | 5.3 MEDIUM |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380. | |||||
| CVE-2023-36883 | 1 Microsoft | 1 Edge | 2023-07-26 | N/A | 4.3 MEDIUM |
| Microsoft Edge for iOS Spoofing Vulnerability | |||||
| CVE-2023-36888 | 1 Microsoft | 1 Edge Chromium | 2023-07-26 | N/A | 6.3 MEDIUM |
| Microsoft Edge for Android (Chromium-based) Tampering Vulnerability | |||||
| CVE-2023-3434 | 2 Microsoft, Savoirfairelinux | 2 Windows, Jami | 2023-07-26 | N/A | 5.4 MEDIUM |
| Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger. | |||||
| CVE-2022-22389 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2022-07-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740. | |||||
| CVE-2022-30532 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Server | 2022-07-28 | N/A | 5.3 MEDIUM |
| In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy. | |||||
| CVE-2022-28877 | 2 F-secure, Microsoft | 2 Elements Endpoint Protection, Windows | 2022-07-27 | N/A | 6.7 MEDIUM |
| This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure & WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation. | |||||
| CVE-2021-1258 | 3 Cisco, Mcafee, Microsoft | 3 Anyconnect Secure Mobility Client, Agent Epolicy Orchestrator Extension, Windows | 2022-07-25 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability. | |||||
| CVE-2022-28681 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2022-07-23 | N/A | 6.1 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the deletePages method. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16825. | |||||
| CVE-2022-34252 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2022-07-21 | N/A | 5.5 MEDIUM |
| Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-34232 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-07-21 | N/A | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-34233 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-07-21 | N/A | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||