Total: 475 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-30100 | 1 Microsoft | 1 Sharepoint Server | 2024-06-20 | N/A | 7.8 HIGH |
Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
CVE-2021-28246 | 1 Broadcom | 1 Ehealth | 2024-06-18 | 4.4 MEDIUM | 7.8 HIGH |
** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2019-17449 | 1 Avira | 1 Software Updater | 2024-06-11 | 4.6 MEDIUM | 6.7 MEDIUM |
** DISPUTED ** Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack. NOTE: The vendor thinks that this vulnerability is invalid because exploiting it would require at least administrator privileges and would gain only SYSTEM privileges. | |||||
CVE-2023-35343 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-05-29 | N/A | 7.8 HIGH |
Windows Geolocation Service Remote Code Execution Vulnerability | |||||
CVE-2023-21764 | 1 Microsoft | 1 Exchange Server | 2024-05-29 | N/A | 7.8 HIGH |
Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||
CVE-2023-21763 | 1 Microsoft | 1 Exchange Server | 2024-05-29 | N/A | 7.8 HIGH |
Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||
CVE-2023-41766 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-05-29 | N/A | 7.8 HIGH |
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | |||||
CVE-2023-36898 | 1 Microsoft | 2 Windows 11 21h2, Windows 11 22h2 | 2024-05-29 | N/A | 7.8 HIGH |
Tablet Windows User Interface Application Core Remote Code Execution Vulnerability | |||||
CVE-2023-36780 | 1 Microsoft | 1 Skype For Business Server | 2024-05-29 | N/A | 7.2 HIGH |
Skype for Business Remote Code Execution Vulnerability | |||||
CVE-2023-36778 | 1 Microsoft | 1 Exchange Server | 2024-05-29 | N/A | 8.0 HIGH |
Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
CVE-2023-36422 | 1 Microsoft | 1 Windows Defender | 2024-05-29 | N/A | 7.8 HIGH |
Microsoft Windows Defender Elevation of Privilege Vulnerability | |||||
CVE-2023-36393 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-05-29 | N/A | 7.8 HIGH |
Windows User Interface Application Core Remote Code Execution Vulnerability | |||||
CVE-2023-36003 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-05-29 | N/A | 7.3 HIGH |
XAML Diagnostics Elevation of Privilege Vulnerability | |||||
CVE-2024-26198 | | | 2024-05-29 | N/A | 8.8 HIGH |
Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
CVE-2024-21435 | | | 2024-05-29 | N/A | 8.8 HIGH |
Windows OLE Remote Code Execution Vulnerability | |||||
CVE-2024-21325 | 1 Microsoft | 1 Printer Metadata Troubleshooter Tool | 2024-05-29 | N/A | 7.8 HIGH |
Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability | |||||
CVE-2022-3734 | 2 Microsoft, Redis | 2 Windows, Redis | 2024-05-17 | N/A | 9.8 CRITICAL |
** DISPUTED ** A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-212416. NOTE: The official Redis release is not affected. This issue might affect an unofficial fork or port on Windows only. | |||||
CVE-2022-29583 | 2 Microsoft, Service Project | 2 Windows, Service | 2024-05-17 | 4.6 MEDIUM | 7.8 HIGH |
** DISPUTED ** service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory. NOTE: this finding could not be reproduced by its original reporter or by others. | |||||
CVE-2021-28249 | 1 Ca | 1 Ehealth Performance Manager | 2024-05-17 | 7.2 HIGH | 8.8 HIGH |
** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is run. The code in the library will be executed as the root user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2019-9116 | 2 Microsoft, Sublimetext | 2 Windows 7, Sublime Text 3 | 2024-05-17 | 6.8 MEDIUM | 7.8 HIGH |
** DISPUTED ** DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll file may be loaded if a victim uses sublime_text.exe to open a .txt file within an attacker's %LOCALAPPDATA%\Temp\sublime_text folder. NOTE: the vendor's position is "This does not appear to be a bug with Sublime Text, but rather one with Windows that has been patched." | |||||