) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): microsoft
- Search Type: Search All
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2024-26161 |
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Published: March 12, 2024; 1:15:55 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2024-26159 |
Microsoft ODBC Driver Remote Code Execution Vulnerability Published: March 12, 2024; 1:15:54 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2024-21451 |
Microsoft ODBC Driver Remote Code Execution Vulnerability Published: March 12, 2024; 1:15:54 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2024-21450 |
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Published: March 12, 2024; 1:15:54 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2024-21448 |
Microsoft Teams for Android Information Disclosure Vulnerability Published: March 12, 2024; 1:15:54 PM -0400 |
V4.0:(not available) V3.1: 5.0 MEDIUM V2.0:(not available) |
| CVE-2024-21444 |
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Published: March 12, 2024; 1:15:53 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2024-21441 |
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Published: March 12, 2024; 1:15:53 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2024-21440 |
Microsoft ODBC Driver Remote Code Execution Vulnerability Published: March 12, 2024; 1:15:53 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2024-21438 |
Microsoft AllJoyn API Denial of Service Vulnerability Published: March 12, 2024; 1:15:52 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2024-21434 |
Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability Published: March 12, 2024; 1:15:52 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2024-21426 |
Microsoft SharePoint Server Remote Code Execution Vulnerability Published: March 12, 2024; 1:15:51 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2024-21419 |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Published: March 12, 2024; 1:15:50 PM -0400 |
V4.0:(not available) V3.1: 7.6 HIGH V2.0:(not available) |
| CVE-2024-21400 |
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability Published: March 12, 2024; 1:15:49 PM -0400 |
V4.0:(not available) V3.1: 9.0 CRITICAL V2.0:(not available) |
| CVE-2024-21390 |
Microsoft Authenticator Elevation of Privilege Vulnerability Published: March 12, 2024; 1:15:49 PM -0400 |
V4.0:(not available) V3.1: 7.1 HIGH V2.0:(not available) |
| CVE-2024-20671 |
Microsoft Defender Security Feature Bypass Vulnerability Published: March 12, 2024; 1:15:48 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2024-26167 |
Microsoft Edge for Android Spoofing Vulnerability Published: March 07, 2024; 4:15:08 PM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
| CVE-2024-28111 |
Canarytokens helps track activity and actions on a network. Canarytokens.org supports exporting the history of a Canarytoken's incidents in CSV format. The generation of these CSV files is vulnerable to a CSV Injection vulnerability. This flaw can be used by an attacker who discovers an HTTP-based Canarytoken to target the Canarytoken's owner, if the owner exports the incident history to CSV and opens in a reader application such as Microsoft Excel. The impact is that this issue could lead to code execution on the machine on which the CSV file is opened. Version sha-c595a1f8 contains a fix for this issue. Published: March 06, 2024; 5:15:57 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2024-1900 |
Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after his user is disabled or deleted in the identity provider such as Okta or Microsoft O365. The user will stay authenticated until the Devolutions Server token expiration. Published: March 05, 2024; 5:15:47 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2024-0590 |
The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the edit_clarity_project_id() function. This makes it possible for unauthenticated attackers to change the project id and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Published: February 28, 2024; 8:43:22 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2024-26192 |
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Published: February 23, 2024; 6:15:09 PM -0500 |
V4.0:(not available) V3.1: 8.2 HIGH V2.0:(not available) |