Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 20832 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-3147 1 Microsoft 7 Outlook Express, Windows 2003 Server, Windows 7 and 4 more 2025-04-11 9.3 HIGH N/A
Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
CVE-2013-6913 2 Cybozu, Microsoft 2 Garoon, Internet Explorer 2025-04-11 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3804 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 5.0 MEDIUM N/A
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171.
CVE-2011-1462 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 9.3 HIGH N/A
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
CVE-2012-1194 1 Microsoft 1 Windows Server 2008 2025-04-11 6.4 MEDIUM N/A
The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
CVE-2024-51954 3 Esri, Linux, Microsoft 3 Arcgis Server, Linux Kernel, Windows 2025-04-10 N/A 8.5 HIGH
There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux, which under unique circumstances, could potentially allow a remote, low privileged authenticated attacker to access secure services published a standalone (Unfederated) ArcGIS Server instance.  If successful this compromise would have a high impact on Confidentiality, low impact on integrity and no impact to availability of the software.
CVE-2023-33140 1 Microsoft 1 Onenote 2025-04-10 N/A 6.5 MEDIUM
Microsoft OneNote Spoofing Vulnerability
CVE-2024-25709 3 Esri, Linux, Microsoft 3 Portal For Arcgis, Linux Kernel, Windows 2025-04-10 N/A 6.1 MEDIUM
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item which will potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high.
CVE-2024-25708 2 Esri, Microsoft 2 Arcgis Enterprise, Windows 2025-04-10 N/A 4.8 MEDIUM
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high.
CVE-2024-25699 3 Esri, Linux, Microsoft 4 Arcgis Enterprise, Portal For Arcgis, Linux Kernel and 1 more 2025-04-10 N/A 8.5 HIGH
There is a difficult to exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise 11.1 and below on Kubernetes which, under unique circumstances, could potentially allow a remote, unauthenticated attacker to compromise the confidentiality, integrity, and availability of the software.
CVE-2024-25692 3 Esri, Linux, Microsoft 3 Portal For Arcgis, Linux Kernel, Windows 2025-04-10 N/A 5.4 MEDIUM
There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.1 and below that may in some cases allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted form. The impact to Confidentiality and Integrity vectors is limited and of low severity.
CVE-2023-25841 3 Esri, Linux, Microsoft 3 Arcgis Server, Linux Kernel, Windows 2025-04-10 N/A 6.1 MEDIUM
There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 11.0 and below on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. Mitigation: Disable anonymous access to ArcGIS Feature services with edit capabilities.
CVE-2023-25840 3 Esri, Linux, Microsoft 3 Arcgis Server, Linux Kernel, Windows 2025-04-10 N/A 3.4 LOW
There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser.  The privileges required to execute this attack are high.
CVE-2022-34681 2 Microsoft, Nvidia 3 Windows, Cloud Gaming, Virtual Gpu 2025-04-10 N/A 5.5 MEDIUM
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler, where improper input validation of a display-related data structure may lead to denial of service.
CVE-2022-34678 6 Citrix, Linux, Microsoft and 3 more 7 Hypervisor, Linux Kernel, Windows and 4 more 2025-04-10 N/A 6.5 MEDIUM
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause a null-pointer dereference, which may lead to denial of service.
CVE-2019-0859 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1703 and 12 more 2025-04-10 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.
CVE-2018-8405 1 Microsoft 11 Windows 10 1507, Windows 10 1607, Windows 10 1703 and 8 more 2025-04-10 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8406.
CVE-2019-1388 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1709 and 11 more 2025-04-10 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.
CVE-2020-0683 1 Microsoft 17 Windows 10 1507, Windows 10 1607, Windows 10 1709 and 14 more 2025-04-10 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686.
CVE-2019-0541 1 Microsoft 18 Excel Viewer, Internet Explorer, Office and 15 more 2025-04-10 9.3 HIGH 8.8 HIGH
A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.