Filtered by vendor Microsoft
Subscribe
Total
19339 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20666 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-06-11 | N/A | 6.6 MEDIUM |
| BitLocker Security Feature Bypass Vulnerability | |||||
| CVE-2020-36639 | 2 Alliedmods, Microsoft | 2 Amx Mod X, Windows | 2024-06-10 | 4.7 MEDIUM | 9.8 CRITICAL |
| A vulnerability has been found in AlliedModders AMX Mod X on Windows and classified as critical. This vulnerability affects the function cmdVoteMap of the file plugins/adminvote.sma of the component Console Command Handler. The manipulation of the argument amx_votemap leads to path traversal. The patch is identified as a5f2b5539f6d61050b68df8b22ebb343a2862681. It is recommended to apply a patch to fix this issue. VDB-217354 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-20697 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows Server 2022 23h2 | 2024-06-10 | N/A | 7.3 HIGH |
| Windows Libarchive Remote Code Execution Vulnerability | |||||
| CVE-2023-20588 | 5 Amd, Debian, Fedoraproject and 2 more | 78 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 75 more | 2024-06-10 | N/A | 5.5 MEDIUM |
| A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. | |||||
| CVE-2023-50387 | 8 Fedoraproject, Isc, Microsoft and 5 more | 13 Fedora, Bind, Windows Server 2008 and 10 more | 2024-06-10 | N/A | 7.5 HIGH |
| Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. | |||||
| CVE-2023-20569 | 4 Amd, Debian, Fedoraproject and 1 more | 296 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 293 more | 2024-06-10 | N/A | 4.7 MEDIUM |
| A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. | |||||
| CVE-2024-21410 | 1 Microsoft | 1 Exchange Server | 2024-06-10 | N/A | 9.8 CRITICAL |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||
| CVE-2024-21338 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-06-10 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-29360 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2024-06-10 | N/A | 8.4 HIGH |
| Microsoft Streaming Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-29357 | 1 Microsoft | 1 Sharepoint Server | 2024-06-10 | N/A | 9.8 CRITICAL |
| Microsoft SharePoint Server Elevation of Privilege Vulnerability | |||||
| CVE-2023-24955 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-06-10 | N/A | 7.2 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2024-20696 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-06-08 | N/A | 7.3 HIGH |
| Windows Libarchive Remote Code Execution Vulnerability | |||||
| CVE-2023-5257 | 2 Microsoft, Whitehsbg | 2 Windows, Jndiexploit | 2024-06-05 | 2.7 LOW | 5.7 MEDIUM |
| A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. VDB-240866 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-4973 | 2 Creativeitem, Microsoft | 2 Academy Lms, Windows | 2024-06-04 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument searched_word/searched_tution_class_type[]/searched_price_type[]/searched_duration[] leads to cross site scripting. The attack can be launched remotely. The identifier VDB-239749 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2019-1258 | 1 Microsoft | 2 Active Directory Authentication Library, Nuget | 2024-05-29 | 6.5 MEDIUM | 8.8 HIGH |
| An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches tokens. This vulnerability allows an authenticated attacker to perform actions in context of another user. The authenticated attacker can exploit this vulneraiblity by accessing a service configured for On-Behalf-Of flow that assigns incorrect tokens. This security update addresses the vulnerability by removing fallback cache look-up for On-Behalf-Of scenarios. | |||||
| CVE-2019-1229 | 1 Microsoft | 1 Dynamics 365 | 2024-05-29 | 6.5 MEDIUM | 8.8 HIGH |
| An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a customizer privilege within Dynamics to gain control of the Web Role hosting the Dynamics installation. To exploit this vulnerability, an attacker needs to have credentials for a user that has permission to author customized business rules in Dynamics, and persist XAML script in a way that causes it to be interpreted as code. The update addresses the vulnerability by restricting XAML activities to a whitelisted set. | |||||
| CVE-2019-1226 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-05-29 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. | |||||
| CVE-2019-1225 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-05-29 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows RDP server initializes memory. | |||||
| CVE-2019-1224 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-05-29 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows RDP server initializes memory. | |||||
| CVE-2019-1223 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-05-29 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Protocol (RDP) services. The update addresses the vulnerability by correcting how RDP handles connection requests. | |||||