Filtered by vendor Microsoft
Subscribe
Total
22061 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43466 | 1 Microsoft | 1 Sharepoint Server | 2024-09-13 | N/A | 7.5 HIGH |
| Microsoft SharePoint Server Denial of Service Vulnerability | |||||
| CVE-2024-43475 | 1 Microsoft | 1 Windows Server 2008 | 2024-09-13 | N/A | 7.3 HIGH |
| Microsoft Windows Admin Center Information Disclosure Vulnerability | |||||
| CVE-2024-43476 | 1 Microsoft | 1 Dynamics 365 | 2024-09-13 | N/A | 5.4 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2024-43479 | 1 Microsoft | 1 Power Automate | 2024-09-13 | N/A | 8.5 HIGH |
| Microsoft Power Automate Desktop Remote Code Execution Vulnerability | |||||
| CVE-2024-41856 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-09-13 | N/A | 7.8 HIGH |
| Illustrator versions 28.5, 27.9.4, 28.6, 27.9.5 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-45107 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-09-06 | N/A | 5.5 MEDIUM |
| Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.002.20991 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-41879 | 2 Adobe, Microsoft | 2 Acrobat Reader, Edge | 2024-09-05 | N/A | 7.8 HIGH |
| Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-2881 | 3 Linux, Microsoft, Wolfssl | 3 Linux Kernel, Windows, Wolfssl | 2024-09-04 | N/A | 8.8 HIGH |
| Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure. | |||||
| CVE-2024-1545 | 3 Linux, Microsoft, Wolfssl | 3 Linux Kernel, Windows, Wolfssl | 2024-09-04 | N/A | 8.8 HIGH |
| Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure. | |||||
| CVE-2024-38219 | 1 Microsoft | 1 Edge Chromium | 2024-08-29 | N/A | 9.0 CRITICAL |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2024-43472 | 1 Microsoft | 1 Edge Chromium | 2024-08-28 | N/A | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2024-7980 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-08-26 | N/A | 7.8 HIGH |
| Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium) | |||||
| CVE-2024-7979 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-08-26 | N/A | 7.8 HIGH |
| Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium) | |||||
| CVE-2024-39744 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more | 2024-08-23 | N/A | 4.3 MEDIUM |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2024-39745 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more | 2024-08-23 | N/A | 7.5 HIGH |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2024-7977 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-08-22 | N/A | 7.8 HIGH |
| Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium) | |||||
| CVE-2024-39383 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-08-20 | N/A | 7.8 HIGH |
| Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-34117 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-08-19 | N/A | 7.8 HIGH |
| Photoshop Desktop versions 24.7.3, 25.9.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-41840 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2024-08-19 | N/A | 7.8 HIGH |
| Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-39386 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2024-08-19 | N/A | 7.8 HIGH |
| Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||