) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): microsoft
- Search Type: Search All
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2024-21350 |
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Published: February 13, 2024; 1:15:51 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2024-21349 |
Microsoft ActiveX Data Objects Remote Code Execution Vulnerability Published: February 13, 2024; 1:15:50 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2024-21347 |
Microsoft ODBC Driver Remote Code Execution Vulnerability Published: February 13, 2024; 1:15:50 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2024-21327 |
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability Published: February 13, 2024; 1:15:48 PM -0500 |
V4.0:(not available) V3.1: 7.6 HIGH V2.0:(not available) |
| CVE-2024-21315 |
Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability Published: February 13, 2024; 1:15:48 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2024-20673 |
Microsoft Office Remote Code Execution Vulnerability Published: February 13, 2024; 1:15:47 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2024-21399 |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Published: February 01, 2024; 8:15:08 PM -0500 |
V4.0:(not available) V3.1: 8.3 HIGH V2.0:(not available) |
| CVE-2024-21388 |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Published: January 30, 2024; 1:15:48 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2024-21336 |
Microsoft Edge (Chromium-based) Spoofing Vulnerability Published: January 26, 2024; 1:15:12 PM -0500 |
V4.0:(not available) V3.1: 2.5 LOW V2.0:(not available) |
| CVE-2024-21387 |
Microsoft Edge for Android Spoofing Vulnerability Published: January 25, 2024; 8:15:10 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
| CVE-2024-21385 |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Published: January 25, 2024; 8:15:10 PM -0500 |
V4.0:(not available) V3.1: 8.3 HIGH V2.0:(not available) |
| CVE-2024-21383 |
Microsoft Edge (Chromium-based) Spoofing Vulnerability Published: January 25, 2024; 8:15:10 PM -0500 |
V4.0:(not available) V3.1: 3.3 LOW V2.0:(not available) |
| CVE-2024-21382 |
Microsoft Edge for Android Information Disclosure Vulnerability Published: January 25, 2024; 8:15:10 PM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
| CVE-2024-21326 |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Published: January 25, 2024; 8:15:10 PM -0500 |
V4.0:(not available) V3.1: 9.6 CRITICAL V2.0:(not available) |
| CVE-2024-22410 |
Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute arbitrary code. It is the view of the blockchain development team that the threat posed by a hypothetical binary planting attack is minimal and represents a low-security risk. The vulnerable DLL files are from the Windows networking subsystem, the Visual C++ runtime, and low-level cryptographic primitives. Collectively these dependencies are required for a large ecosystem of applications, ranging from enterprise-level security applications to game engines, and don’t represent a fundamental lack of security or oversight in the design and implementation of Creditcoin. The blockchain team takes the stance that running Creditcoin on Windows is officially unsupported and at best should be thought of as experimental. Published: January 17, 2024; 4:15:11 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2024-21337 |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Published: January 11, 2024; 5:15:46 PM -0500 |
V4.0:(not available) V3.1: 5.2 MEDIUM V2.0:(not available) |
| CVE-2024-20675 |
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Published: January 11, 2024; 4:15:13 PM -0500 |
V4.0:(not available) V3.1: 6.3 MEDIUM V2.0:(not available) |
| CVE-2024-21643 |
IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the `SignedHttpRequest`protocol or the `SignedHttpRequestValidator`is vulnerable. Microsoft.IdentityModel trusts the `jku`claim by default for the `SignedHttpRequest`protocol. This raises the possibility to make any remote or local `HTTP GET` request. The vulnerability has been fixed in Microsoft.IdentityModel.Protocols.SignedHttpRequest. Users should update all their Microsoft.IdentityModel versions to 7.1.2 (for 7x) or higher, 6.34.0 (for 6x) or higher. Published: January 10, 2024; 12:15:09 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2024-21319 |
Microsoft Identity Denial of service vulnerability Published: January 09, 2024; 2:15:12 PM -0500 |
V4.0:(not available) V3.1: 6.8 MEDIUM V2.0:(not available) |
| CVE-2024-21325 |
Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability Published: January 09, 2024; 1:15:56 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |