Filtered by vendor Microsoft
Subscribe
Total
19339 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-38017 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-07-11 | N/A | 5.5 MEDIUM |
| Microsoft Message Queuing Information Disclosure Vulnerability | |||||
| CVE-2024-38015 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 2 more | 2024-07-11 | N/A | 7.5 HIGH |
| Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | |||||
| CVE-2024-38013 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-07-11 | N/A | 6.7 MEDIUM |
| Microsoft Windows Server Backup Elevation of Privilege Vulnerability | |||||
| CVE-2024-38071 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-07-11 | N/A | 7.5 HIGH |
| Windows Remote Desktop Licensing Service Denial of Service Vulnerability | |||||
| CVE-2024-38080 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 2 more | 2024-07-10 | N/A | 7.8 HIGH |
| Windows Hyper-V Elevation of Privilege Vulnerability | |||||
| CVE-2021-42287 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-07-09 | 6.5 MEDIUM | 7.5 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
| CVE-2017-0148 | 2 Microsoft, Siemens | 27 Server Message Block, Windows 10 1507, Windows 10 1511 and 24 more | 2024-07-09 | 9.3 HIGH | 8.1 HIGH |
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146. | |||||
| CVE-2021-31166 | 1 Microsoft | 4 Windows 10 2004, Windows 10 20h2, Windows Server 2004 and 1 more | 2024-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| HTTP Protocol Stack Remote Code Execution Vulnerability | |||||
| CVE-2021-34484 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2024-07-09 | 4.6 MEDIUM | 7.8 HIGH |
| Windows User Profile Service Elevation of Privilege Vulnerability | |||||
| CVE-2015-1770 | 1 Microsoft | 1 Office | 2024-07-09 | 9.3 HIGH | 8.8 HIGH |
| Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Uninitialized Memory Use Vulnerability." | |||||
| CVE-2013-3660 | 1 Microsoft | 8 Windows 7, Windows 8, Windows Rt and 5 more | 2024-07-09 | 6.9 MEDIUM | 7.8 HIGH |
| The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability." | |||||
| CVE-2016-0151 | 1 Microsoft | 5 Windows 10 1507, Windows 10 1511, Windows 8.1 and 2 more | 2024-07-09 | 7.2 HIGH | 7.8 HIGH |
| The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability." | |||||
| CVE-2016-0189 | 1 Microsoft | 11 Internet Explorer, Jscript, Vbscript and 8 more | 2024-07-09 | 7.6 HIGH | 7.5 HIGH |
| The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187. | |||||
| CVE-2017-0213 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1511, Windows 10 1607 and 7 more | 2024-07-09 | 1.9 LOW | 7.3 HIGH |
| Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214. | |||||
| CVE-2015-2419 | 1 Microsoft | 8 Internet Explorer, Windows 7, Windows 8 and 5 more | 2024-07-09 | 9.3 HIGH | 8.8 HIGH |
| JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability." | |||||
| CVE-2010-4398 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2024-07-09 | 7.2 HIGH | 7.8 HIGH |
| Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability." | |||||
| CVE-2011-2005 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2024-07-09 | 7.2 HIGH | 7.8 HIGH |
| afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." | |||||
| CVE-2012-2539 | 1 Microsoft | 5 Office Compatibility Pack, Office Web Apps, Office Word Viewer and 2 more | 2024-07-09 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "Word RTF 'listoverridecount' Remote Code Execution Vulnerability." | |||||
| CVE-2013-2551 | 1 Microsoft | 9 Internet Explorer, Windows 7, Windows 8 and 6 more | 2024-07-09 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309. | |||||
| CVE-2016-0040 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2024-07-09 | 7.2 HIGH | 7.8 HIGH |
| The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability." | |||||