Total: 9763 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-24937 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-05-29 | N/A | 6.5 MEDIUM |
Windows CryptoAPI Denial of Service Vulnerability | |||||
CVE-2023-24893 | 1 Microsoft | 1 Visual Studio Code | 2024-05-29 | N/A | 7.8 HIGH |
Visual Studio Code Remote Code Execution Vulnerability | |||||
CVE-2023-23375 | 1 Microsoft | 2 Odbc, Ole Db | 2024-05-29 | N/A | 7.8 HIGH |
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability | |||||
CVE-2023-21554 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 9 more | 2024-05-29 | N/A | 9.8 CRITICAL |
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | |||||
CVE-2024-26170 | | | 2024-05-29 | N/A | 7.8 HIGH |
Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability | |||||
CVE-2024-21448 | | | 2024-05-29 | N/A | 5.0 MEDIUM |
Microsoft Teams for Android Information Disclosure Vulnerability | |||||
CVE-2024-21374 | 1 Microsoft | 1 Teams | 2024-05-29 | N/A | 5.0 MEDIUM |
Microsoft Teams for Android Information Disclosure Vulnerability | |||||
CVE-2024-21319 | 1 Microsoft | 3 .net, Identity Model, Visual Studio 2022 | 2024-05-29 | N/A | 6.8 MEDIUM |
Microsoft Identity Denial of service vulnerability | |||||
CVE-2024-21316 | 1 Microsoft | 10 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 7 more | 2024-05-29 | N/A | 6.1 MEDIUM |
Windows Server Key Distribution Service Security Feature Bypass | |||||
CVE-2024-21315 | | | 2024-05-29 | N/A | 7.8 HIGH |
Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability | |||||
CVE-2024-20684 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 2 more | 2024-05-29 | N/A | 6.5 MEDIUM |
Windows Hyper-V Denial of Service Vulnerability | |||||
CVE-2020-1025 | 1 Microsoft | 5 Lync, Sharepoint Enterprise Server, Sharepoint Foundation and 2 more | 2024-05-28 | 7.5 HIGH | 9.8 CRITICAL |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens. | |||||
CVE-2024-29998 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-05-23 | N/A | 6.8 MEDIUM |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability | |||||
CVE-2024-30002 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-05-23 | N/A | 6.8 MEDIUM |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability | |||||
CVE-2024-1481 | | | 2024-05-22 | N/A | 5.3 MEDIUM |
A flaw was found in FreeIPA. This issue may allow a remote attacker to craft an HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service. | |||||
CVE-2024-4287 | | | 2024-05-20 | N/A | 8.1 HIGH |
In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to `/api/workspace/:workspace-slug/update`, allowing it to be executed as part of a database query without restrictions. This flaw enables users with a manager role to craft a request that includes nested write operations, effectively allowing them to create new Administrator accounts. | |||||
CVE-2021-22508 | | | 2024-05-20 | N/A | 7.2 HIGH |
A potential vulnerability has been identified for OpenText Operations Bridge Reporter. The vulnerability could be exploited to inject malicious SQL queries. An attack requires the attacker to be an authenticated administrator of OBR with network access to the OBR web application. | |||||
CVE-2023-28402 | | | 2024-05-17 | N/A | 7.2 HIGH |
Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-38417 | | | 2024-05-17 | N/A | 4.3 MEDIUM |
Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
CVE-2024-4609 | | | 2024-05-17 | N/A | N/A |
A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime. |