Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
7752 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0723 | 2 Freesshd, Microsoft | 2 Freesshd, Windows | 2024-11-21 | 5.3 Medium |
| A vulnerability was found in freeSSHd 1.0.9 on Windows. It has been classified as problematic. This affects an unknown part. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251547. | ||||
| CVE-2024-0589 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry. | ||||
| CVE-2024-0310 | 2 Microsoft, Trellix | 2 Windows, Endpoint Security Web Control | 2024-11-21 | 6.1 Medium |
| A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy configuration. | ||||
| CVE-2024-0206 | 2 Microsoft, Trellix | 2 Windows, Anti-malware Engine | 2024-11-21 | 7.1 High |
| A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user wouldn't normally have permission to. After a scan, the Engine would follow the links and remove the files | ||||
| CVE-2024-0091 | 7 Canonical, Citrix, Linux and 4 more | 16 Ubuntu Linux, Hypervisor, Linux Kernel and 13 more | 2024-11-21 | 7.8 High |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering. | ||||
| CVE-2024-0090 | 7 Canonical, Citrix, Linux and 4 more | 16 Ubuntu Linux, Hypervisor, Linux Kernel and 13 more | 2024-11-21 | 7.8 High |
| NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2024-0089 | 2 Microsoft, Nvidia | 10 Windows, Cloud Gaming, Geforce and 7 more | 2024-11-21 | 7.8 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering. | ||||
| CVE-2023-7047 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2024-11-21 | 4.4 Medium |
| Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL data sources. | ||||
| CVE-2023-6753 | 2 Lfprojects, Microsoft | 2 Mlflow, Windows | 2024-11-21 | 8.8 High |
| Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2. | ||||
| CVE-2023-6335 | 2 Hypr, Microsoft | 2 Workforce Access, Windows | 2024-11-21 | 6.4 Medium |
| Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7. | ||||
| CVE-2023-6334 | 2 Hypr, Microsoft | 2 Workforce Access, Windows | 2024-11-21 | 5.3 Medium |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HYPR Workforce Access on Windows allows Overflow Buffers.This issue affects Workforce Access: before 8.7. | ||||
| CVE-2023-5847 | 3 Linux, Microsoft, Tenable | 4 Linux Kernel, Windows, Nessus and 1 more | 2024-11-21 | 6.7 Medium |
| Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts. | ||||
| CVE-2023-5808 | 2 Hitachi, Microsoft | 2 Vantara Hitachi Network Attached Storage, Windows | 2024-11-21 | 7.6 High |
| SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role. | ||||
| CVE-2023-5766 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2024-11-21 | 9.8 Critical |
| A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet. | ||||
| CVE-2023-5765 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2024-11-21 | 9.8 Critical |
| Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching. | ||||
| CVE-2023-5727 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | 6.5 Medium |
| The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | ||||
| CVE-2023-5257 | 2 Microsoft, Whitehsbg | 2 Windows, Jndiexploit | 2024-11-21 | 3.5 Low |
| A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. VDB-240866 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-5174 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | 9.8 Critical |
| If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in non-standard configurations (such as using `runas`). Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | ||||
| CVE-2023-5168 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | 9.8 Critical |
| A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | ||||
| CVE-2023-5097 | 2 Hypr, Microsoft | 2 Workforce Access, Windows | 2024-11-21 | 7 High |
| Improper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal.This issue affects Workforce Access: before 8.7. | ||||