Filtered by vendor Microsoft
Subscribe
Total
19339 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4197 | 5 Freebsd, Linux, Microsoft and 2 more | 5 Freebsd, Linux Kernel, Windows and 2 more | 2024-02-15 | 9.3 HIGH | 8.8 HIGH |
| Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut. | |||||
| CVE-2006-2374 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-02-15 | 2.1 LOW | 5.5 MEDIUM |
| The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability." | |||||
| CVE-2021-26855 | 1 Microsoft | 1 Exchange Server | 2024-02-15 | 7.5 HIGH | 9.1 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2015-1743 | 1 Microsoft | 1 Internet Explorer | 2024-02-15 | 5.1 MEDIUM | N/A |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1748. | |||||
| CVE-2024-1149 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2024-02-15 | N/A | 5.5 MEDIUM |
| Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2. | |||||
| CVE-2023-47131 | 4 Google, Microsoft, Mozilla and 1 more | 4 Chrome, Edge, Firefox and 1 more | 2024-02-15 | N/A | 7.5 HIGH |
| The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file. | |||||
| CVE-2024-23769 | 2 Microsoft, Samsung | 2 Windows, Magician | 2024-02-15 | N/A | 5.5 MEDIUM |
| Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data. | |||||
| CVE-2005-0918 | 2 Adobe, Microsoft | 2 Svg Viewer, Internet Explorer | 2024-02-15 | 5.0 MEDIUM | N/A |
| The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not. | |||||
| CVE-2023-5217 | 7 Apple, Debian, Fedoraproject and 4 more | 12 Ipad Os, Iphone Os, Debian Linux and 9 more | 2024-02-15 | N/A | 8.8 HIGH |
| Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2004-0213 | 1 Microsoft | 1 Windows 2000 | 2024-02-14 | 7.2 HIGH | 7.8 HIGH |
| Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908. | |||||
| CVE-2012-2993 | 1 Microsoft | 2 Windows Phone 7, Windows Phone 7 Firmware | 2024-02-14 | 2.6 LOW | 5.9 MEDIUM |
| Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate. | |||||
| CVE-2008-0087 | 1 Microsoft | 4 Windows 2000, Windows Server 2003, Windows Vista and 1 more | 2024-02-14 | 8.8 HIGH | 7.5 HIGH |
| The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses. | |||||
| CVE-2002-1872 | 1 Microsoft | 1 Sql Server | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password. | |||||
| CVE-2010-0425 | 2 Apache, Microsoft | 2 Http Server, Windows | 2024-02-14 | 10.0 HIGH | N/A |
| modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers." | |||||
| CVE-2002-2117 | 1 Microsoft | 1 Windows Xp | 2024-02-14 | 5.0 MEDIUM | N/A |
| Microsoft Windows XP allows remote attackers to cause a denial of service (CPU consumption) by flooding UDP port 500 (ISAKMP). | |||||
| CVE-2010-1098 | 1 Microsoft | 2 Windows Vista, Windows Xp | 2024-02-14 | 7.1 HIGH | N/A |
| The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted biClrUsed value in the BITMAPINFO header of a .ANI file. | |||||
| CVE-2019-11397 | 2 Microsoft, Rapidflows | 2 .net Framework, Rapid4 | 2024-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 (when used with .NET Framework 4.5) allows Local File Inclusion via the FileDesc parameter. | |||||
| CVE-2018-0748 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2024-02-14 | 4.6 MEDIUM | 7.8 HIGH |
| The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way memory addresses are handled, aka "Windows Elevation of Privilege Vulnerability". | |||||
| CVE-2005-2225 | 1 Microsoft | 1 Msn Messenger Service | 2024-02-14 | 5.0 MEDIUM | N/A |
| Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the ".pif" string, which is interpreted as a malicious file extension and causes users to be kicked from a group conversation. NOTE: it has been reported that Gaim is also affected, so this may be an issue in the protocol or MSN servers. | |||||
| CVE-2007-4288 | 1 Microsoft | 1 Windows Media Player | 2024-02-14 | 4.3 MEDIUM | N/A |
| Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .au file that triggers a divide-by-zero error, as demonstrated by iapetus.au. | |||||