Filtered by vendor Microsoft
Total: 21912 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-29061 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 7.8 HIGH |
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2024-29060 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2024-11-21 | N/A | 6.7 MEDIUM |
Visual Studio Elevation of Privilege Vulnerability | |||||
CVE-2024-29057 | 1 Microsoft | 1 Edge | 2024-11-21 | N/A | 4.3 MEDIUM |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
CVE-2024-29056 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-11-21 | N/A | 4.3 MEDIUM |
Windows Authentication Elevation of Privilege Vulnerability | |||||
CVE-2024-29055 | 1 Microsoft | 1 Defender For Iot | 2024-11-21 | N/A | 7.2 HIGH |
Microsoft Defender for IoT Elevation of Privilege Vulnerability | |||||
CVE-2024-29054 | 1 Microsoft | 1 Defender For Iot | 2024-11-21 | N/A | 7.2 HIGH |
Microsoft Defender for IoT Elevation of Privilege Vulnerability | |||||
CVE-2024-29053 | 1 Microsoft | 1 Defender For Iot | 2024-11-21 | N/A | 8.8 HIGH |
Microsoft Defender for IoT Remote Code Execution Vulnerability | |||||
CVE-2024-29052 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more | 2024-11-21 | N/A | 7.8 HIGH |
Windows Storage Elevation of Privilege Vulnerability | |||||
CVE-2024-28899 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.8 HIGH |
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2024-27265 | 3 Ibm, Linux, Microsoft | 4 Integration Bus, Z/os, Linux Kernel and 1 more | 2024-11-21 | N/A | 4.5 MEDIUM |
IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564. | |||||
CVE-2024-26247 | 1 Microsoft | 1 Edge | 2024-11-21 | N/A | 4.7 MEDIUM |
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
CVE-2024-26246 | 1 Microsoft | 1 Edge | 2024-11-21 | N/A | 3.9 LOW |
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
CVE-2024-26196 | 1 Microsoft | 1 Edge | 2024-11-21 | N/A | 4.3 MEDIUM |
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability | |||||
CVE-2024-26184 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more | 2024-11-21 | N/A | 6.8 MEDIUM |
Secure Boot Security Feature Bypass Vulnerability | |||||
CVE-2024-26163 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 4.7 MEDIUM |
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
CVE-2024-25140 | 2 Microsoft, Rustdesk | 2 Windows, Rustdesk | 2024-11-21 | N/A | 9.8 CRITICAL |
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor's position is "we do not have EV cert, so we use test cert as a workaround." Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation. | |||||
CVE-2024-24482 | 2 Apktool, Microsoft | 2 Apktool, Windows | 2024-11-21 | N/A | 9.8 CRITICAL |
Apktool before 2.9.3 on Windows allows ../ and /.. directory traversal. | |||||
CVE-2024-23769 | 2 Microsoft, Samsung | 2 Windows, Magician | 2024-11-21 | N/A | 7.3 HIGH |
Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data. | |||||
CVE-2024-23441 | 2 Anti-virus, Microsoft | 2 Vba32, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver. | |||||
CVE-2024-23331 | 2 Microsoft, Vitejs | 2 Windows, Vite | 2024-11-21 | N/A | 7.5 HIGH |
Vite is a frontend tooling framework for JavaScript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092, with surface area reduced to hosts having case-insensitive filesystems. Since `picomatch` defaults to case-sensitive glob matching but the file server doesn't discriminate, a blacklist bypass is possible. By requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files. This issue has been addressed in vite@5.0.12, vite@4.5.2, vite@3.2.8, and vite@2.9.17. Users are advised to upgrade. Users unable to upgrade should restrict access to dev servers. |