Total: 504 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-21764 | 1 Microsoft | 1 Exchange Server | 2024-05-29 | N/A | 7.8 HIGH |
Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||
CVE-2023-21763 | 1 Microsoft | 1 Exchange Server | 2024-05-29 | N/A | 7.8 HIGH |
Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||
CVE-2023-41766 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-05-29 | N/A | 7.8 HIGH |
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | |||||
CVE-2023-36898 | 1 Microsoft | 2 Windows 11 21h2, Windows 11 22h2 | 2024-05-29 | N/A | 7.8 HIGH |
Tablet Windows User Interface Application Core Remote Code Execution Vulnerability | |||||
CVE-2023-36780 | 1 Microsoft | 1 Skype For Business Server | 2024-05-29 | N/A | 7.2 HIGH |
Skype for Business Remote Code Execution Vulnerability | |||||
CVE-2023-36778 | 1 Microsoft | 1 Exchange Server | 2024-05-29 | N/A | 8.0 HIGH |
Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
CVE-2023-36422 | 1 Microsoft | 1 Windows Defender | 2024-05-29 | N/A | 7.8 HIGH |
Microsoft Windows Defender Elevation of Privilege Vulnerability | |||||
CVE-2023-36393 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-05-29 | N/A | 7.8 HIGH |
Windows User Interface Application Core Remote Code Execution Vulnerability | |||||
CVE-2023-36003 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-05-29 | N/A | 7.3 HIGH |
XAML Diagnostics Elevation of Privilege Vulnerability | |||||
CVE-2024-26198 | | | 2024-05-29 | N/A | 8.8 HIGH |
Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
CVE-2024-21435 | | | 2024-05-29 | N/A | 8.8 HIGH |
Windows OLE Remote Code Execution Vulnerability | |||||
CVE-2024-21325 | 1 Microsoft | 1 Printer Metadata Troubleshooter Tool | 2024-05-29 | N/A | 7.8 HIGH |
Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability | |||||
CVE-2024-28133 | | | 2024-05-14 | N/A | 7.8 HIGH |
A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root privileges. | |||||
CVE-2024-32019 | | | 2024-04-15 | N/A | 8.8 HIGH |
Netdata is an open source observability tool. The `ndsudo` tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The `ndsudo` tool is packaged as a `root`-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the `PATH` environment variable. This allows an attacker to control where `ndsudo` looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2024-20693 | | | 2024-04-10 | N/A | 7.8 HIGH |
Windows Kernel Elevation of Privilege Vulnerability | |||||
CVE-2024-20754 | | | 2024-03-18 | N/A | 7.5 HIGH |
Lightroom Desktop versions 7.1.2 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-27303 | | | 2024-03-06 | N/A | 7.3 HIGH |
electron-builder is a solution to package and build a ready-for-distribution Electron, Proton Native app for macOS, Windows and Linux. In electron-builder prior to 24.13.2, on Windows only, the NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file. Version 24.13.2 fixes this issue. No known workaround exists. The code executes at the installer-level before the app is present on the system, so there's no way to check if it exists in a current installer. | |||||
CVE-2024-24810 | 1 Firegiant | 1 Wix Toolset | 2024-02-14 | N/A | 7.8 HIGH |
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4. | |||||
CVE-2024-23304 | 1 Cybozu | 1 Kunai | 2024-02-13 | N/A | 7.5 HIGH |
Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations. | |||||
CVE-2021-4435 | 1 Yarnpkg | 1 Yarn | 2024-02-13 | N/A | 7.8 HIGH |
An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways. |