Microsoft Security Vulnerabilities

CVE-2023-28233

Windows Secure Channel Denial of Service...

CVE-2023-32051

Raw Image Extension Remote Code Execution...

CVE-2023-29353

Sysinternals Process Monitor for Windows Denial of Service...

CVE-2013-0074

Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference...

CVE-2023-36772

3D Builder Remote Code Execution...

CVE-2023-36739

3D Viewer Remote Code Execution...

CVE-2024-29054

Microsoft Defender for IoT Elevation of Privilege...

CVE-2024-26196

Microsoft Edge for Android (Chromium-based) Information Disclosure...

CVE-2024-21399

Microsoft Edge (Chromium-based) Remote Code Execution...

CVE-2024-21388

Microsoft Edge (Chromium-based) Elevation of Privilege...

CVE-2024-21385

Microsoft Edge (Chromium-based) Elevation of Privilege...

CVE-2024-21383

Microsoft Edge (Chromium-based) Spoofing...

CVE-2024-21328

Dynamics 365 Sales Spoofing...

CVE-2024-21396

Dynamics 365 Sales Spoofing...

CVE-2024-21394

Dynamics 365 Field Service Spoofing...

CVE-2024-21325

Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution...

CVE-2022-26921

Visual Studio Code Elevation of Privilege...

CVE-2022-26907

Azure SDK for .NET Information Disclosure...

CVE-2023-36043

Open Management Infrastructure Information Disclosure...

CVE-2024-38082

Microsoft Edge (Chromium-based) Spoofing...

CVE-2023-36770

3D Builder Remote Code Execution...

CVE-2023-36052

Azure CLI REST Command Information Disclosure...

CVE-2024-30058

Microsoft Edge (Chromium-based) Spoofing...

CVE-2024-38093

Microsoft Edge (Chromium-based) Spoofing...

CVE-2024-30007

Microsoft Brokering File System Elevation of Privilege...

CVE-2024-30053

Azure Migrate Cross-Site Scripting...

CVE-2021-31967

VP9 Video Extensions Remote Code Execution...

CVE-2021-41353

Microsoft Dynamics 365 (on-premises) Spoofing...

CVE-2024-21423

Microsoft Edge (Chromium-based) Information Disclosure...

CVE-2024-26192

Microsoft Edge (Chromium-based) Information Disclosure...

CVE-2022-26934

Windows Graphics Component Information Disclosure...

CVE-2024-35260

An authenticated attacker can exploit an Untrusted Search Path vulnerability in Microsoft Dataverse to execute code over a...

CVE-2024-30057

Microsoft Edge for iOS Spoofing...

CVE-2024-37325

Azure Science Virtual Machine (DSVM) Elevation of Privilege...

CVE-2024-35253

Microsoft Azure File Sync Elevation of Privilege...

CVE-2013-3896

Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight...

CVE-2023-36771

3D Builder Remote Code Execution...

CVE-2013-1331

Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow...

CVE-2010-2572

Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow...

CVE-2023-36760

3D Viewer Remote Code Execution...

CVE-2019-1151

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data;....

CVE-2023-21571

Microsoft Dynamics 365 (on-premises) Cross-site Scripting...

CVE-2024-21382

Microsoft Edge for Android Information Disclosure...

CVE-2020-1515

An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The...

CVE-2020-1538

An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The...

CVE-2020-1529

An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete.....

CVE-2020-1383

An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system To exploit this vulnerability, an attacker would need to run a...

CVE-2019-1181

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction......

CVE-2023-50387

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG....

CVE-2020-1470

An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The.....