Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 19092 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-21338 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2024-03-05 N/A 7.8 HIGH
Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-3734 2 Microsoft, Redis 2 Windows, Redis 2024-03-04 N/A 9.8 CRITICAL
A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-212416. NOTE: The official Redis release is not affected. This issue might affect an unofficial fork or port on Windows only.
CVE-2023-29360 1 Microsoft 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more 2024-03-04 N/A 8.4 HIGH
Microsoft Streaming Service Elevation of Privilege Vulnerability
CVE-2023-50387 8 Fedoraproject, Isc, Microsoft and 5 more 13 Fedora, Bind, Windows Server 2008 and 10 more 2024-03-04 N/A 7.5 HIGH
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
CVE-2024-20734 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-03-01 N/A 5.5 MEDIUM
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20733 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-03-01 N/A 5.5 MEDIUM
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20731 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-03-01 N/A 7.8 HIGH
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20730 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-03-01 N/A 7.8 HIGH
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20729 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-03-01 N/A 7.8 HIGH
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20728 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-03-01 N/A 7.8 HIGH
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20727 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-03-01 N/A 7.8 HIGH
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20726 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-03-01 N/A 7.8 HIGH
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-21406 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2024-03-01 N/A 7.5 HIGH
Windows Printing Service Spoofing Vulnerability
CVE-2024-21380 1 Microsoft 1 Dynamics 365 Business Central 2024-03-01 N/A 8.0 HIGH
Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
CVE-2024-21379 1 Microsoft 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more 2024-03-01 N/A 7.8 HIGH
Microsoft Word Remote Code Execution Vulnerability
CVE-2024-21378 1 Microsoft 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more 2024-03-01 N/A 8.0 HIGH
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-21377 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2024-03-01 N/A 5.5 MEDIUM
Windows DNS Information Disclosure Vulnerability
CVE-2024-0770 2 Echa.europa, Microsoft 2 Iuclid, Windows 2024-02-29 3.2 LOW 7.1 HIGH
A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0725 2 Microsoft, Prosshd 2 Windows, Prosshd 2024-02-29 5.0 MEDIUM 7.5 HIGH
A vulnerability was found in ProSSHD 1.2 on Windows. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251548.
CVE-2024-0723 2 Freesshd, Microsoft 2 Freesshd, Windows 2024-02-29 5.0 MEDIUM 7.5 HIGH
A vulnerability was found in freeSSHd 1.0.9 on Windows. It has been classified as problematic. This affects an unknown part. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251547.