Filtered by vendor Microsoft
Subscriptions
Total
23035 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-33647 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2025-03-11 | 8.1 High |
| Windows Kerberos Elevation of Privilege Vulnerability | ||||
| CVE-2022-30200 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-03-11 | 7.8 High |
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | ||||
| CVE-2022-38013 | 3 Fedoraproject, Microsoft, Redhat | 7 Fedora, .net, .net Core and 4 more | 2025-03-11 | 7.5 High |
| .NET Core and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2022-37964 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-03-11 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2022-37961 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2025-03-11 | 8.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2022-38009 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2025-03-11 | 8.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2022-38008 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2025-03-11 | 8.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2022-35823 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2025-03-11 | 8.8 High |
| Microsoft SharePoint Remote Code Execution Vulnerability | ||||
| CVE-2022-35803 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-03-11 | 7.8 High |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||||
| CVE-2022-30196 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2019 and 1 more | 2025-03-11 | 8.2 High |
| Windows Secure Channel Denial of Service Vulnerability | ||||
| CVE-2022-26929 | 1 Microsoft | 11 .net Framework, Windows 10, Windows 11 and 8 more | 2025-03-11 | 7.8 High |
| .NET Framework Remote Code Execution Vulnerability | ||||
| CVE-2022-26928 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-03-11 | 7 High |
| Windows Photo Import API Elevation of Privilege Vulnerability | ||||
| CVE-2022-45052 | 3 Axiell, Linux, Microsoft | 3 Iguana, Linux Kernel, Windows | 2025-03-11 | 8.8 High |
| A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server. | ||||
| CVE-2022-41953 | 2 Git-scm, Microsoft | 2 Git, Windows | 2025-03-10 | 8.6 High |
| Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it, among other things running a spell checker called `aspell.exe` if it was found. Git GUI is implemented as a Tcl/Tk script. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable _always includes the current directory_. Therefore, malicious repositories can ship with an `aspell.exe` in their top-level directory which is executed by Git GUI without giving the user a chance to inspect it first, i.e. running untrusted code. This issue has been addressed in version 2.39.1. Users are advised to upgrade. Users unable to upgrade should avoid using Git GUI for cloning. If that is not a viable option, at least avoid cloning from untrusted sources. | ||||
| CVE-2023-24816 | 2 Ipython, Microsoft | 2 Ipython, Windows | 2025-03-10 | 4.5 Medium |
| IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function `IPython.utils.terminal.set_term_title` be called on Windows in a Python environment where ctypes is not available. The dependency on `ctypes` in `IPython.utils._process_win32` prevents the vulnerable code from ever being reached in the ipython binary. However, as a library that could be used by another tool `set_term_title` could be called and hence introduce a vulnerability. Should an attacker get untrusted input to an instance of this function they would be able to inject shell commands as current process and limited to the scope of the current process. Users of ipython as a library are advised to upgrade. Users unable to upgrade should ensure that any calls to the `IPython.utils.terminal.set_term_title` function are done with trusted or filtered input. | ||||
| CVE-2023-38041 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-03-07 | 7.0 High |
| A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system. | ||||
| CVE-2022-3884 | 2 Hitachi, Microsoft | 2 Ops Center Analyzer, Windows | 2025-03-07 | 7.3 High |
| Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01. | ||||
| CVE-2022-41722 | 3 Golang, Microsoft, Redhat | 3 Go, Windows, Openshift | 2025-03-07 | 7.5 High |
| A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b". | ||||
| CVE-2023-0196 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-03-07 | 3.3 Low |
| NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local user running the tool against an ill-formed binary may cause a null- pointer dereference, which may result in a limited denial of service. | ||||
| CVE-2023-26281 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Http Server and 4 more | 2025-03-06 | 5.9 Medium |
| IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296. | ||||