Filtered by vendor Microsoft
Subscribe
Total
20027 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-21429 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-29 | N/A | 6.8 MEDIUM |
| Windows USB Hub Driver Remote Code Execution Vulnerability | |||||
| CVE-2024-21423 | 1 Microsoft | 1 Edge Chromium | 2024-11-29 | N/A | 4.8 MEDIUM |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2024-26188 | 1 Microsoft | 1 Edge | 2024-11-29 | N/A | 4.3 MEDIUM |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2024-26192 | 1 Microsoft | 1 Edge Chromium | 2024-11-29 | N/A | 8.2 HIGH |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2024-26167 | 1 Microsoft | 1 Edge | 2024-11-29 | N/A | 4.3 MEDIUM |
| Microsoft Edge for Android Spoofing Vulnerability | |||||
| CVE-2024-20671 | 1 Microsoft | 1 Windows Defender Antimalware Platform | 2024-11-29 | N/A | 5.5 MEDIUM |
| Microsoft Defender Security Feature Bypass Vulnerability | |||||
| CVE-2002-0367 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-11-29 | 7.2 HIGH | 7.8 HIGH |
| smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit. | |||||
| CVE-2024-30051 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-29 | N/A | 7.8 HIGH |
| Windows DWM Core Library Elevation of Privilege Vulnerability | |||||
| CVE-2024-29988 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-11-29 | N/A | 8.8 HIGH |
| SmartScreen Prompt Security Feature Bypass Vulnerability | |||||
| CVE-2024-26169 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-29 | N/A | 7.8 HIGH |
| Windows Error Reporting Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-30088 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-29 | N/A | 7.0 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-30040 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-29 | N/A | 8.8 HIGH |
| Windows MSHTML Platform Security Feature Bypass Vulnerability | |||||
| CVE-2024-21410 | 1 Microsoft | 1 Exchange Server | 2024-11-29 | N/A | 9.8 CRITICAL |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||
| CVE-2024-21351 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-29 | N/A | 7.6 HIGH |
| Windows SmartScreen Security Feature Bypass Vulnerability | |||||
| CVE-2024-21338 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-11-29 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-21412 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-11-29 | N/A | 8.1 HIGH |
| Internet Shortcut Files Security Feature Bypass Vulnerability | |||||
| CVE-2023-41763 | 1 Microsoft | 1 Skype For Business Server | 2024-11-29 | N/A | 5.3 MEDIUM |
| Skype for Business Elevation of Privilege Vulnerability | |||||
| CVE-2023-41179 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2024-11-29 | N/A | 7.2 HIGH |
| A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. | |||||
| CVE-2018-18689 | 14 Apple, Avanquest, Foxitsoftware and 11 more | 20 Macos, Expert Pdf Ultimate, Pdf Experte Ultimate and 17 more | 2024-11-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop. | |||||
| CVE-2013-2251 | 5 Apache, Fujitsu, Microsoft and 2 more | 21 Archiva, Struts, Gp-s and 18 more | 2024-11-27 | 9.3 HIGH | 9.8 CRITICAL |
| Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix. | |||||