Filtered by vendor Microsoft
Total: 21912 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-22410 | 2 Gluwa, Microsoft | 2 Creditcoin, Windows | 2024-11-21 | N/A | 3.3 LOW |
Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory, it is possible to replace these DLLs and execute arbitrary code. It is the view of the blockchain development team that the threat posed by a hypothetical binary planting attack is minimal and represents a low security risk. The vulnerable DLL files are from the Windows networking subsystem, the Visual C++ runtime, and low-level cryptographic primitives. Collectively these dependencies are required for a large ecosystem of applications, ranging from enterprise-level security applications to game engines, and don’t represent a fundamental lack of security or oversight in the design and implementation of Creditcoin. The blockchain team takes the stance that running Creditcoin on Windows is officially unsupported and at best should be thought of as experimental. | |||||
CVE-2024-21646 | 1 Microsoft | 1 Azure Uamqp | 2024-11-21 | N/A | 9.8 CRITICAL |
Azure uAMQP is a general purpose C library for AMQP 1.0. The uAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01. | |||||
CVE-2024-21643 | 1 Microsoft | 1 Identitymodel Extensions | 2024-11-21 | N/A | 7.1 HIGH |
IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the `SignedHttpRequest` protocol or the `SignedHttpRequestValidator` is vulnerable. Microsoft.IdentityModel trusts the `jku` claim by default for the `SignedHttpRequest` protocol. This raises the possibility to make any remote or local `HTTP GET` request. The vulnerability has been fixed in Microsoft.IdentityModel.Protocols.SignedHttpRequest. Users should update all their Microsoft.IdentityModel versions to 7.1.2 (for 7x) or higher, 6.34.0 (for 6x) or higher. | |||||
CVE-2024-21638 | 1 Microsoft | 1 Azure Ipam | 2024-11-21 | N/A | 9.1 CRITICAL |
Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked validation of the passed-in authentication token, which may result in an attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0. | |||||
CVE-2024-21449 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | |||||
CVE-2024-21420 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-21 | N/A | 8.8 HIGH |
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | |||||
CVE-2024-21408 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 5.5 MEDIUM |
Windows Hyper-V Denial of Service Vulnerability | |||||
CVE-2024-21407 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.1 HIGH |
Windows Hyper-V Remote Code Execution Vulnerability | |||||
CVE-2024-21406 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2024-11-21 | N/A | 7.5 HIGH |
Windows Printing Service Spoofing Vulnerability | |||||
CVE-2024-21405 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-21 | N/A | 7.0 HIGH |
Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | |||||
CVE-2024-21404 | 1 Microsoft | 2 Asp.net Core, Visual Studio 2022 | 2024-11-21 | N/A | 7.5 HIGH |
.NET Denial of Service Vulnerability | |||||
CVE-2024-21403 | 1 Microsoft | 1 Azure Kubernetes Service | 2024-11-21 | N/A | 9.0 CRITICAL |
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | |||||
CVE-2024-21402 | 1 Microsoft | 1 365 Apps | 2024-11-21 | N/A | 7.1 HIGH |
Microsoft Outlook Elevation of Privilege Vulnerability | |||||
CVE-2024-21401 | 1 Microsoft | 1 Entra Jira Sso Plugin | 2024-11-21 | N/A | 9.8 CRITICAL |
Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability | |||||
CVE-2024-21399 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 8.3 HIGH |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
CVE-2024-21397 | 1 Microsoft | 1 Azure File Sync | 2024-11-21 | N/A | 5.3 MEDIUM |
Microsoft Azure File Sync Elevation of Privilege Vulnerability | |||||
CVE-2024-21396 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A | 7.6 HIGH |
Dynamics 365 Sales Spoofing Vulnerability | |||||
CVE-2024-21395 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A | 8.2 HIGH |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
CVE-2024-21394 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A | 7.6 HIGH |
Dynamics 365 Field Service Spoofing Vulnerability | |||||
CVE-2024-21393 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A | 7.6 HIGH |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |