Filtered by vendor Microsoft
Subscribe
Total
22322 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4333 | 2 Broadcom, Microsoft | 2 Raid Controller Web Interface, Windows | 2025-11-04 | N/A | 5.5 MEDIUM |
| Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server | |||||
| CVE-2016-9079 | 5 Debian, Microsoft, Mozilla and 2 more | 11 Debian Linux, Windows, Firefox and 8 more | 2025-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. | |||||
| CVE-2024-20696 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-11-03 | N/A | 7.3 HIGH |
| Windows libarchive Remote Code Execution Vulnerability | |||||
| CVE-2023-33850 | 4 Hp, Ibm, Linux and 1 more | 6 Hp-ux, Aix, Cics Tx and 3 more | 2025-11-03 | N/A | 7.5 HIGH |
| IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. | |||||
| CVE-2025-36047 | 4 Apple, Ibm, Linux and 1 more | 7 Macos, Aix, I and 4 more | 2025-11-03 | N/A | 5.3 MEDIUM |
| IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. | |||||
| CVE-2025-1992 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2025-11-03 | N/A | 5.3 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage. | |||||
| CVE-2024-4577 | 3 Fedoraproject, Microsoft, Php | 3 Fedora, Windows, Php | 2025-11-03 | N/A | 9.8 CRITICAL |
| In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. | |||||
| CVE-2025-54257 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-11-03 | N/A | 7.8 HIGH |
| Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file, and scope is unchanged. | |||||
| CVE-2025-23340 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-11-03 | N/A | 3.3 LOW |
| NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service. | |||||
| CVE-2025-23339 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-11-03 | N/A | 3.3 LOW |
| NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuobjdump where an attacker may cause a stack-based buffer overflow by getting the user to run cuobjdump on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running cuobjdump. | |||||
| CVE-2025-23338 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-11-03 | N/A | 3.3 LOW |
| NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where a user may cause an out-of-bounds write by running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service. | |||||
| CVE-2025-23308 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-11-03 | N/A | 3.3 LOW |
| NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the user to run nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running nvdisasm. | |||||
| CVE-2025-23271 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-11-03 | N/A | 3.3 LOW |
| NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service. | |||||
| CVE-2025-10199 | 2 Lizardbyte, Microsoft | 2 Sunshine, Windows | 2025-11-03 | N/A | 7.8 HIGH |
| A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025.122.141614 and likely prior versions) due to an unquoted service path. | |||||
| CVE-2025-10198 | 2 Lizardbyte, Microsoft | 2 Sunshine, Windows | 2025-11-03 | N/A | 7.8 HIGH |
| Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories. | |||||
| CVE-2025-21333 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 4 more | 2025-11-03 | N/A | 7.8 HIGH |
| Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | |||||
| CVE-2020-5741 | 2 Microsoft, Plex | 2 Windows, Media Server | 2025-10-31 | 6.5 MEDIUM | 7.2 HIGH |
| Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. | |||||
| CVE-2025-3928 | 3 Commvault, Linux, Microsoft | 3 Commvault, Linux Kernel, Windows | 2025-10-31 | N/A | 8.8 HIGH |
| Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28. | |||||
| CVE-2025-52446 | 3 Linux, Microsoft, Tableau | 3 Linux Kernel, Windows, Tableau Server | 2025-10-31 | N/A | 8.0 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (tab-doc api modules) allows Interface Manipulation (data access to the production database cluster).This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19. | |||||
| CVE-2025-52447 | 3 Linux, Microsoft, Tableau | 3 Linux Kernel, Windows, Tableau Server | 2025-10-31 | N/A | 8.1 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (set-initial-sql tabdoc command modules) allows Interface Manipulation (data access to the production database cluster). This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19. | |||||