Export limit exceeded: 339825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (640 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35367 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-01-01 | 9.8 Critical |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2023-35366 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-01-01 | 9.8 Critical |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2023-35365 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-01-01 | 9.8 Critical |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2023-23415 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2025-01-01 | 9.8 Critical |
| Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability | ||||
| CVE-2023-21708 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2025-01-01 | 9.8 Critical |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | ||||
| CVE-2023-23392 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 21h2, Windows 11 22h2 and 2 more | 2025-01-01 | 9.8 Critical |
| HTTP Protocol Stack Remote Code Execution Vulnerability | ||||
| CVE-2023-21692 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2025-01-01 | 9.8 Critical |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | ||||
| CVE-2023-21690 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2025-01-01 | 9.8 Critical |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | ||||
| CVE-2023-21689 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2025-01-01 | 9.8 Critical |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | ||||
| CVE-2023-21803 | 1 Microsoft | 12 Windows 10, Windows 10 1507, Windows 10 1607 and 9 more | 2025-01-01 | 9.8 Critical |
| Windows iSCSI Discovery Service Remote Code Execution Vulnerability | ||||
| CVE-2024-38183 | 1 Microsoft | 1 Groupme | 2024-12-31 | 9.8 Critical |
| An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network. | ||||
| CVE-2024-43491 | 1 Microsoft | 1 Windows 10 1507 | 2024-12-31 | 9.8 Critical |
| Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability. This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order. Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions are still under support. | ||||
| CVE-2024-38220 | 1 Microsoft | 1 Azure Stack Hub | 2024-12-31 | 9 Critical |
| Azure Stack Hub Elevation of Privilege Vulnerability | ||||
| CVE-2023-29542 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-12-11 | 9.8 Critical |
| A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10. | ||||
| CVE-2023-32557 | 3 Microsoft, Trend Micro Inc, Trendmicro | 3 Windows, Trend Micro Apex One, Apex One | 2024-12-04 | 9.8 Critical |
| A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges. | ||||
| CVE-2023-46260 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-27 | 9.8 Critical |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
| CVE-2023-46217 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-27 | 9.8 Critical |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
| CVE-2023-29487 | 3 Apple, Heimdalsecurity, Microsoft | 3 Macos, Thor, Windows | 2024-11-26 | 9.1 Critical |
| An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. NOTE: Heimdal asserts this is not a valid vulnerability. Their DNS Security for Endpoint solution includes an optional feature to provide extra information on the originating process that made a DNS request. The lack of process identification in DNS logs is therefore falsely categorized as a DoS issue. | ||||
| CVE-2023-44324 | 2 Adobe, Microsoft | 2 Framemaker Publishing Server, Windows | 2024-11-25 | 9.8 Critical |
| Adobe FrameMaker Publishing Server versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An unauthenticated attacker can abuse this vulnerability to access the API and leak default admin's password. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-25110 | 1 Microsoft | 1 Azure Uamqp | 2024-11-22 | 9.8 Critical |
| The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability. | ||||