Filtered by vendor Microsoft
Subscribe
Total
21868 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33137 | 1 Microsoft | 2 Office, Office Online Server | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2023-33136 | 1 Microsoft | 1 Azure Devops Server | 2024-11-21 | N/A | 8.8 HIGH |
| Azure DevOps Server Remote Code Execution Vulnerability | |||||
| CVE-2023-33135 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2024-11-21 | N/A | 7.3 HIGH |
| .NET and Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2023-33134 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | N/A | 8.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2023-33133 | 1 Microsoft | 4 365 Apps, Excel, Office Long Term Servicing Channel and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2023-33132 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | N/A | 6.3 MEDIUM |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2023-33130 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | N/A | 7.3 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2023-33128 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2024-11-21 | N/A | 7.3 HIGH |
| .NET and Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2023-33127 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2024-11-21 | N/A | 8.1 HIGH |
| .NET and Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2023-33126 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2024-11-21 | N/A | 7.3 HIGH |
| .NET and Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2023-32783 | 2 Microsoft, Zohocorp | 2 Windows, Manageengine Adaudit Plus | 2024-11-21 | N/A | 7.5 HIGH |
| The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. NOTE: the vendor states "We do not consider this as a security bug and it's an expected behaviour." | |||||
| CVE-2023-32764 | 2 Fabasoft, Microsoft | 4 Cloud, Cloud Enterprise Client, Folio \/ Egov-suite and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
| Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator. | |||||
| CVE-2023-32557 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 9.8 CRITICAL |
| A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges. | |||||
| CVE-2023-32556 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 5.5 MEDIUM |
| A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2023-32555 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 7.0 HIGH |
| A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32554. | |||||
| CVE-2023-32554 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 7.0 HIGH |
| A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32555. | |||||
| CVE-2023-32479 | 2 Dell, Microsoft | 4 Encryption, Endpoint Security Suite Enterprise, Security Management Server and 1 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation. | |||||
| CVE-2023-32336 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
| IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285. | |||||
| CVE-2023-32214 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | |||||
| CVE-2023-32163 | 2 Microsoft, Wacom | 2 Windows, Driver | 2024-11-21 | N/A | 7.8 HIGH |
| Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tablet Service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16857. | |||||