Filtered by vendor Microsoft
Subscribe
Search
Total
16927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3955 | 2 Kubernetes, Microsoft | 2 Kubernetes, Windows | 2023-12-21 | N/A | 8.8 HIGH |
| A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. | |||||
| CVE-2021-25736 | 2 Kubernetes, Microsoft | 2 Kubernetes, Windows | 2023-12-21 | N/A | 6.3 MEDIUM |
| Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected. | |||||
| CVE-2023-36803 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2023-12-21 | N/A | 5.5 MEDIUM |
| Windows Kernel Information Disclosure Vulnerability | |||||
| CVE-2023-38140 | 1 Microsoft | 8 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 5 more | 2023-12-21 | N/A | 5.5 MEDIUM |
| Windows Kernel Information Disclosure Vulnerability | |||||
| CVE-2023-46263 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. | |||||
| CVE-2023-46264 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. | |||||
| CVE-2023-46803 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 7.5 HIGH |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). | |||||
| CVE-2023-46804 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 7.5 HIGH |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). | |||||
| CVE-2023-41727 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46261 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46260 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46259 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46221 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46222 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46225 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46257 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46224 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46258 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46223 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46216 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46217 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46220 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2022-30159 | 1 Microsoft | 3 Office Online Server, Office Web Apps Server, Sharepoint Server | 2023-12-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30171, CVE-2022-30172. | |||||
| CVE-2022-24512 | 2 Fedoraproject, Microsoft | 6 Fedora, .net, .net Core and 3 more | 2023-12-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| .NET and Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2022-21858 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2023-12-21 | 7.2 HIGH | 7.8 HIGH |
| Windows Bind Filter Driver Elevation of Privilege Vulnerability | |||||
| CVE-2022-21857 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-12-21 | 9.0 HIGH | 8.8 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
| CVE-2022-21873 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2023-12-21 | 7.2 HIGH | 7.8 HIGH |
| Tile Data Repository Elevation of Privilege Vulnerability | |||||
| CVE-2022-21906 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2023-12-21 | 2.1 LOW | 5.5 MEDIUM |
| Windows Defender Application Control Security Feature Bypass Vulnerability | |||||
| CVE-2022-21912 | 1 Microsoft | 3 Windows 10, Windows Server, Windows Server 2019 | 2023-12-21 | 7.2 HIGH | 7.8 HIGH |
| DirectX Graphics Kernel Remote Code Execution Vulnerability | |||||
| CVE-2022-21894 | 1 Microsoft | 7 Windows 10, Windows 11, Windows 8.1 and 4 more | 2023-12-21 | 4.9 MEDIUM | 4.4 MEDIUM |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2022-21902 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2023-12-21 | 7.2 HIGH | 7.8 HIGH |
| Windows DWM Core Library Elevation of Privilege Vulnerability | |||||
| CVE-2022-21874 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2023-12-21 | 10.0 HIGH | 9.8 CRITICAL |
| Windows Security Center API Remote Code Execution Vulnerability | |||||
| CVE-2022-21880 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-21 | 7.8 HIGH | 7.5 HIGH |
| Windows GDI+ Information Disclosure Vulnerability | |||||
| CVE-2022-21878 | 1 Microsoft | 4 Windows 10, Windows Server, Windows Server 2016 and 1 more | 2023-12-21 | 9.3 HIGH | 7.8 HIGH |
| Windows Geolocation Service Remote Code Execution Vulnerability | |||||
| CVE-2022-21870 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-12-21 | 7.2 HIGH | 7.8 HIGH |
| Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | |||||
| CVE-2022-21866 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2023-12-21 | 4.4 MEDIUM | 7.0 HIGH |
| Windows System Launcher Elevation of Privilege Vulnerability | |||||
| CVE-2022-21864 | 1 Microsoft | 7 Windows 10, Windows 11, Windows 8.1 and 4 more | 2023-12-21 | 4.4 MEDIUM | 7.0 HIGH |
| Windows UI Immersive Server API Elevation of Privilege Vulnerability | |||||
| CVE-2022-21862 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-12-21 | 6.9 MEDIUM | 7.0 HIGH |
| Windows Application Model Core API Elevation of Privilege Vulnerability | |||||
| CVE-2022-21881 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Server and 3 more | 2023-12-21 | 7.2 HIGH | 7.0 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2022-21860 | 1 Microsoft | 4 Windows 10, Windows Server, Windows Server 2016 and 1 more | 2023-12-21 | 4.4 MEDIUM | 7.0 HIGH |
| Windows AppContracts API Server Elevation of Privilege Vulnerability | |||||
| CVE-2022-21859 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2023-12-21 | 6.9 MEDIUM | 7.0 HIGH |
| Windows Accounts Control Elevation of Privilege Vulnerability | |||||
| CVE-2022-21883 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-21 | 7.1 HIGH | 7.5 HIGH |
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | |||||
| CVE-2022-21850 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-12-21 | 9.3 HIGH | 8.8 HIGH |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||
| CVE-2022-21890 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-21 | 4.3 MEDIUM | 7.5 HIGH |
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | |||||
| CVE-2022-21889 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-21 | 4.3 MEDIUM | 7.5 HIGH |
| Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | |||||
| CVE-2022-21911 | 1 Microsoft | 10 .net Framework, Windows 10, Windows 11 and 7 more | 2023-12-21 | 5.0 MEDIUM | 7.5 HIGH |
| .NET Framework Denial of Service Vulnerability | |||||
| CVE-2022-21875 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Server and 3 more | 2023-12-21 | 7.2 HIGH | 7.8 HIGH |
| Windows Storage Elevation of Privilege Vulnerability | |||||
| CVE-2022-21835 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-12-21 | 7.2 HIGH | 7.8 HIGH |
| Microsoft Cryptographic Services Elevation of Privilege Vulnerability | |||||
| CVE-2022-21924 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-12-21 | 5.4 MEDIUM | 5.3 MEDIUM |
| Workstation Service Remote Protocol Security Feature Bypass Vulnerability | |||||
| CVE-2022-21922 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-12-21 | 9.0 HIGH | 8.8 HIGH |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | |||||