Total
2876 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2817 | 1 Microsoft | 10 Internet Explorer, Windows 7, Windows 8 and 7 more | 2024-06-28 | 6.8 MEDIUM | 8.8 HIGH |
| Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | |||||
| CVE-2015-1671 | 1 Microsoft | 11 .net Framework, Live Meeting, Lync and 8 more | 2024-06-28 | 9.3 HIGH | 7.8 HIGH |
| The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability." | |||||
| CVE-2014-4123 | 1 Microsoft | 10 Internet Explorer, Windows 7, Windows 8 and 7 more | 2024-06-28 | 6.8 MEDIUM | 8.8 HIGH |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," as exploited in the wild in October 2014, a different vulnerability than CVE-2014-4124. | |||||
| CVE-2014-4148 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2024-06-28 | 9.3 HIGH | 8.8 HIGH |
| win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka "TrueType Font Parsing Remote Code Execution Vulnerability." | |||||
| CVE-2015-2425 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows 8.1 and 3 more | 2024-06-28 | 9.3 HIGH | 8.8 HIGH |
| Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2384. | |||||
| CVE-2022-30190 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2024-06-28 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability. | |||||
| CVE-2022-26925 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more | 2024-06-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Windows LSA Spoofing Vulnerability | |||||
| CVE-2022-22047 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2024-06-28 | 7.2 HIGH | 7.8 HIGH |
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | |||||
| CVE-2022-34713 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2024-06-28 | N/A | 7.8 HIGH |
| Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | |||||
| CVE-2022-26923 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-06-28 | 9.0 HIGH | 8.8 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
| CVE-2022-37969 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-06-28 | N/A | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2022-41033 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2024-06-28 | N/A | 7.8 HIGH |
| Windows COM+ Event System Service Elevation of Privilege Vulnerability | |||||
| CVE-2022-41128 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2024-06-28 | N/A | 8.8 HIGH |
| Windows Scripting Languages Remote Code Execution Vulnerability | |||||
| CVE-2022-41125 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-06-28 | N/A | 7.8 HIGH |
| Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | |||||
| CVE-2022-41073 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2024-06-28 | N/A | 7.8 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||
| CVE-2016-0165 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-06-27 | 7.2 HIGH | 7.8 HIGH |
| The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0167. | |||||
| CVE-2019-1212 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-05-29 | 7.8 HIGH | 9.8 CRITICAL |
| A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully exploited the vulnerability could cause the DHCP server service to stop responding. To exploit the vulnerability, a remote unauthenticated attacker could send a specially crafted packet to an affected DHCP server. The security update addresses the vulnerability by correcting how DHCP servers handle network packets. | |||||
| CVE-2019-1192 | 1 Microsoft | 10 Edge, Internet Explorer, Windows 10 and 7 more | 2024-05-29 | 4.3 MEDIUM | 4.3 MEDIUM |
| A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how affected Microsoft browsers handle different-origin requests. | |||||
| CVE-2019-1187 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-05-29 | 5.0 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an XML application. The update addresses the vulnerability by correcting how the XmlLite runtime parses XML input. | |||||
| CVE-2019-1183 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-05-29 | 9.3 HIGH | 8.8 HIGH |
| This information is being revised to indicate that this CVE (CVE-2019-1183) is fully mitigated by the security updates for the vulnerability discussed in CVE-2019-1194. No update is required. | |||||