Filtered by vendor Microsoft
Subscribe
Total
19518 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5766 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2024-09-06 | N/A | 9.8 CRITICAL |
| A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet. | |||||
| CVE-2024-32152 | 3 Ankitects, Linux, Microsoft | 3 Anki, Linux Kernel, Windows | 2024-09-06 | N/A | 4.3 MEDIUM |
| A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability. | |||||
| CVE-2024-45107 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-09-06 | N/A | 5.5 MEDIUM |
| Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.002.20991 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-23441 | 2 Anti-virus, Microsoft | 2 Vba32, Windows | 2024-09-05 | N/A | 5.5 MEDIUM |
| Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver. | |||||
| CVE-2024-38176 | 1 Microsoft | 1 Groupme | 2024-09-05 | N/A | 8.1 HIGH |
| An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network. | |||||
| CVE-2024-38164 | 1 Microsoft | 1 Groupme | 2024-09-05 | N/A | 8.8 HIGH |
| An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. | |||||
| CVE-2024-41879 | 2 Adobe, Microsoft | 2 Acrobat Reader, Edge | 2024-09-05 | N/A | 7.8 HIGH |
| Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-37243 | 2 Atera, Microsoft | 2 Agent Package Availability, Windows | 2024-09-05 | N/A | 7.8 HIGH |
| The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\Windows\Temp\Agent.Package.Availability folder inherits permissions from C:\Windows\Temp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges. | |||||
| CVE-2024-7262 | 2 Kingsoft, Microsoft | 2 Wps Office, Windows | 2024-09-05 | N/A | 7.8 HIGH |
| Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document | |||||
| CVE-2024-2881 | 3 Linux, Microsoft, Wolfssl | 3 Linux Kernel, Windows, Wolfssl | 2024-09-04 | N/A | 8.8 HIGH |
| Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure. | |||||
| CVE-2024-1545 | 3 Linux, Microsoft, Wolfssl | 3 Linux Kernel, Windows, Wolfssl | 2024-09-04 | N/A | 8.8 HIGH |
| Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure. | |||||
| CVE-2023-45284 | 2 Golang, Microsoft | 2 Go, Windows | 2024-09-03 | N/A | 5.3 MEDIUM |
| On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local. | |||||
| CVE-2023-22448 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-08-30 | N/A | 7.2 HIGH |
| Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access. | |||||
| CVE-2023-22285 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-08-30 | N/A | 7.5 HIGH |
| Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2022-36374 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2024-08-30 | N/A | 6.7 MEDIUM |
| Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmi Windows 5.27.03.0003 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-38208 | 2 Google, Microsoft | 2 Android, Edge | 2024-08-29 | N/A | 6.1 MEDIUM |
| Microsoft Edge for Android Spoofing Vulnerability | |||||
| CVE-2024-38209 | 1 Microsoft | 1 Edge Chromium | 2024-08-29 | N/A | 7.8 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2024-38210 | 1 Microsoft | 1 Edge Chromium | 2024-08-29 | N/A | 7.8 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2024-24482 | 2 Apktool, Microsoft | 2 Apktool, Windows | 2024-08-29 | N/A | 9.8 CRITICAL |
| Aprktool before 2.9.3 on Windows allows ../ and /.. directory traversal. | |||||
| CVE-2024-25140 | 2 Microsoft, Rustdesk | 2 Windows, Rustdesk | 2024-08-29 | N/A | 9.8 CRITICAL |
| A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor's position is "we do not have EV cert, so we use test cert as a workaround." Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation. | |||||