Microsoft Makers of the Windows Operating System and hundreds of products that run on it.
Products by Microsoft Sorted by Most Security Vulnerabilities since 2018
Microsoft ChakraCore184 vulnerabilities
ChakraCore is the core part of the Chakra JavaScript engine that powers Microsoft Edge
Recent Microsoft Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2023-32024 | Microsoft Power Apps Spoofing Vulnerability | June 13, 2023 |
| CVE-2023-2929 | Chromium: CVE-2023-2929 Out of bounds write in Swiftshader | June 2, 2023 |
| CVE-2023-2941 | Chromium: CVE-2023-2941 Inappropriate implementation in Extensions API | June 2, 2023 |
| CVE-2023-2933 | Chromium: CVE-2023-2933 Use after free in PDF | June 2, 2023 |
| CVE-2023-2934 | Chromium: CVE-2023-2934 Out of bounds memory access in Mojo | June 2, 2023 |
| CVE-2023-2935 | Chromium: CVE-2023-2935 Type Confusion in V8 | June 2, 2023 |
| CVE-2023-29345 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | June 2, 2023 |
| CVE-2023-2932 | Chromium: CVE-2023-2932 Use after free in PDF | June 2, 2023 |
| CVE-2023-33143 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | June 2, 2023 |
| CVE-2023-2931 | Chromium: CVE-2023-2931 Use after free in PDF | June 2, 2023 |
Known Exploited Microsoft Vulnerabilities
The following Microsoft vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Microsoft Win32K Privilege Escalation Vulnerability | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges. CVE-2023-29336 | May 9, 2023 |
| Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. CVE-2023-28252 | April 11, 2023 |
| Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability | Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context. CVE-2019-1388 | April 7, 2023 |
| Microsoft Internet Explorer Memory Corruption Vulnerability | Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website. CVE-2013-3163 | March 30, 2023 |
| Microsoft Office Outlook Privilege Escalation Vulnerability | Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user. CVE-2023-23397 | March 14, 2023 |
| Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file. CVE-2023-24880 | March 14, 2023 |
| Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability which allows for privilege escalation. CVE-2023-23376 | February 14, 2023 |
| Microsoft Windows Graphic Component Privilege Escalation Vulnerability | Microsoft Windows Graphic Component contains an unspecified vulnerability which allows for privilege escalation. CVE-2023-21823 | February 14, 2023 |
| Microsoft Office Security Feature Bypass Vulnerability | Microsoft Office contains a security feature bypass vulnerability which allows for a local, authenticated attack on a targeted system. CVE-2023-21715 | February 14, 2023 |
| Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability | Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation. CVE-2023-21674 | January 10, 2023 |
| Microsoft Exchange Server Privilege Escalation Vulnerability | Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution. CVE-2022-41080 | January 10, 2023 |
| Microsoft Defender SmartScreen Security Feature Bypass Vulnerability | Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file. CVE-2022-44698 | December 13, 2022 |
| Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. CVE-2022-41049 | November 14, 2022 |
| Microsoft Windows Scripting Languages Remote Code Execution Vulnerability | Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution. CVE-2022-41128 | November 8, 2022 |
| Microsoft Windows Print Spooler Privilege Escalation Vulnerability | Microsoft Windows Print Spooler contains an unspecified vulnerability which allows an attacker to gain SYSTEM-level privileges. CVE-2022-41073 | November 8, 2022 |
| Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability | Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability which allows an attacker to gain SYSTEM-level privileges. CVE-2022-41125 | November 8, 2022 |
| Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. CVE-2022-41091 | November 8, 2022 |
| Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability | Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation. CVE-2022-41033 | October 11, 2022 |
| Microsoft Exchange Server Remote Code Execution Vulnerability | Microsoft Exchange Server contains an unspecified vulnerability which allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution. CVE-2022-41082 | September 30, 2022 |
| Microsoft Exchange Server Server-Side Request Forgery Vulnerability | Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution. CVE-2022-41040 | September 30, 2022 |
By the Year
In 2023 there have been 625 vulnerabilities in Microsoft with an average score of 7.3 out of ten. Last year Microsoft had 1284 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Microsoft in 2023 could surpass last years number. Last year, the average CVE base score was greater by 0.17
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 625 | 7.27 |
| 2022 | 1284 | 7.44 |
| 2021 | 1108 | 7.55 |
| 2020 | 1192 | 7.35 |
| 2019 | 759 | 7.23 |
| 2018 | 578 | 6.88 |
It may take a day or so for new Microsoft vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Security Vulnerabilities
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2023-33143
7.5 - High
- June 03, 2023
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Outlook Denial of Service Vulnerability
CVE-2022-35742
7.5 - High
- June 01, 2023
Microsoft Outlook Denial of Service Vulnerability
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
CVE-2022-35743
7.8 - High
- May 31, 2023
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
CVE-2022-35744
9.8 - Critical
- May 31, 2023
Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-35745
8.1 - High
- May 31, 2023
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Digital Media Receiver Elevation of Privilege Vulnerability
CVE-2022-35746
7.8 - High
- May 31, 2023
Windows Digital Media Receiver Elevation of Privilege Vulnerability
Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability
CVE-2022-35747
5.9 - Medium
- May 31, 2023
Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability
HTTP.sys Denial of Service Vulnerability
CVE-2022-35748
7.5 - High
- May 31, 2023
HTTP.sys Denial of Service Vulnerability
Windows Digital Media Receiver Elevation of Privilege Vulnerability
CVE-2022-35749
7.8 - High
- May 31, 2023
Windows Digital Media Receiver Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
CVE-2022-35750
7.8 - High
- May 31, 2023
Win32k Elevation of Privilege Vulnerability
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2022-35751
7.8 - High
- May 31, 2023
Windows Hyper-V Elevation of Privilege Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-35752
8.1 - High
- May 31, 2023
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-35753
8.1 - High
- May 31, 2023
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Unified Write Filter Elevation of Privilege Vulnerability
CVE-2022-35754
6.7 - Medium
- May 31, 2023
Unified Write Filter Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-35755
7.3 - High
- May 31, 2023
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Kerberos Elevation of Privilege Vulnerability
CVE-2022-35756
7.8 - High
- May 31, 2023
Windows Kerberos Elevation of Privilege Vulnerability
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2022-35757
7.3 - High
- May 31, 2023
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Windows Kernel Memory Information Disclosure Vulnerability
CVE-2022-35758
5.5 - Medium
- May 31, 2023
Windows Kernel Memory Information Disclosure Vulnerability
Windows Local Security Authority (LSA) Denial of Service Vulnerability
CVE-2022-35759
6.5 - Medium
- May 31, 2023
Windows Local Security Authority (LSA) Denial of Service Vulnerability
Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90
CVE-2023-2941
4.3 - Medium
- May 30, 2023
Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)
Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90
CVE-2023-2929
8.8 - High
- May 30, 2023
Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Use after free in Extensions in Google Chrome prior to 114.0.5735.90
CVE-2023-2930
8.8 - High
- May 30, 2023
Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in PDF in Google Chrome prior to 114.0.5735.90
CVE-2023-2931
8.8 - High
- May 30, 2023
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Dangling pointer
Use after free in PDF in Google Chrome prior to 114.0.5735.90
CVE-2023-2932
8.8 - High
- May 30, 2023
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Dangling pointer
Use after free in PDF in Google Chrome prior to 114.0.5735.90
CVE-2023-2933
8.8 - High
- May 30, 2023
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Dangling pointer
Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90
CVE-2023-2934
8.8 - High
- May 30, 2023
Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90
CVE-2023-2935
8.8 - High
- May 30, 2023
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90
CVE-2023-2936
8.8 - High
- May 30, 2023
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90
CVE-2023-2937
4.3 - Medium
- May 30, 2023
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90
CVE-2023-2938
4.3 - Medium
- May 30, 2023
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90
CVE-2023-2939
7.8 - High
- May 30, 2023
Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)
insecure temporary file
Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90
CVE-2023-2940
6.5 - Medium
- May 30, 2023
Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
Azure Arc Jumpstart Information Disclosure Vulnerability
CVE-2022-35798
3.3 - Low
- May 18, 2023
Azure Arc Jumpstart Information Disclosure Vulnerability
Use after free in Navigation in Google Chrome prior to 113.0.5672.126
CVE-2023-2721
8.8 - High
- May 16, 2023
Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Dangling pointer
Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126
CVE-2023-2722
8.8 - High
- May 16, 2023
Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in DevTools in Google Chrome prior to 113.0.5672.126
CVE-2023-2723
8.8 - High
- May 16, 2023
Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Type confusion in V8 in Google Chrome prior to 113.0.5672.126
CVE-2023-2724
8.8 - High
- May 16, 2023
Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Use after free in Guest View in Google Chrome prior to 113.0.5672.126
CVE-2023-2725
8.8 - High
- May 16, 2023
Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126
CVE-2023-2726
8.8 - High
- May 16, 2023
Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)
In Qt before 5.15.14
CVE-2023-32573
6.5 - Medium
- May 10, 2023
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
Divide By Zero
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.
CVE-2023-2610
7.8 - High
- May 09, 2023
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.
Integer Overflow or Wraparound
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2023-24950
6.5 - Medium
- May 09, 2023
Microsoft SharePoint Server Spoofing Vulnerability
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.
CVE-2023-2609
7.8 - High
- May 09, 2023
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.
NULL Pointer Dereference
Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability
CVE-2023-28290
5.3 - Medium
- May 09, 2023
Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-24949
7.8 - High
- May 09, 2023
Windows Kernel Elevation of Privilege Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-24953
7.8 - High
- May 09, 2023
Microsoft Excel Remote Code Execution Vulnerability
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2023-24954
6.5 - Medium
- May 09, 2023
Microsoft SharePoint Server Information Disclosure Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2023-24955
7.2 - High
- May 09, 2023
Microsoft SharePoint Server Remote Code Execution Vulnerability
Windows MSHTML Platform Security Feature Bypass Vulnerability
CVE-2023-29324
6.5 - Medium
- May 09, 2023
Windows MSHTML Platform Security Feature Bypass Vulnerability
Microsoft Word Security Feature Bypass Vulnerability
CVE-2023-29335
7.5 - High
- May 09, 2023
Microsoft Word Security Feature Bypass Vulnerability
Win32k Elevation of Privilege Vulnerability
CVE-2023-29336
7.8 - High
- May 09, 2023
Win32k Elevation of Privilege Vulnerability
Visual Studio Code Information Disclosure Vulnerability
CVE-2023-29338
5 - Medium
- May 09, 2023
Visual Studio Code Information Disclosure Vulnerability
AV1 Video Extension Remote Code Execution Vulnerability
CVE-2023-29340
7.8 - High
- May 09, 2023
AV1 Video Extension Remote Code Execution Vulnerability
AV1 Video Extension Remote Code Execution Vulnerability
CVE-2023-29341
7.8 - High
- May 09, 2023
AV1 Video Extension Remote Code Execution Vulnerability
SysInternals Sysmon for Windows Elevation of Privilege Vulnerability
CVE-2023-29343
7.8 - High
- May 09, 2023
SysInternals Sysmon for Windows Elevation of Privilege Vulnerability
Secure Boot Security Feature Bypass Vulnerability
CVE-2023-24932
6.7 - Medium
- May 09, 2023
Secure Boot Security Feature Bypass Vulnerability
Windows Driver Revocation List Security Feature Bypass Vulnerability
CVE-2023-28251
5.5 - Medium
- May 09, 2023
Windows Driver Revocation List Security Feature Bypass Vulnerability
Windows Installer Elevation of Privilege Vulnerability
CVE-2023-24904
7.1 - High
- May 09, 2023
Windows Installer Elevation of Privilege Vulnerability
Windows OLE Remote Code Execution Vulnerability
CVE-2023-29325
7.5 - High
- May 09, 2023
Windows OLE Remote Code Execution Vulnerability
Microsoft Access Denial of Service Vulnerability
CVE-2023-29333
3.3 - Low
- May 09, 2023
Microsoft Access Denial of Service Vulnerability
Windows Bluetooth Driver Elevation of Privilege Vulnerability
CVE-2023-24948
7.4 - High
- May 09, 2023
Windows Bluetooth Driver Elevation of Privilege Vulnerability
Windows Bluetooth Driver Remote Code Execution Vulnerability
CVE-2023-24947
8.8 - High
- May 09, 2023
Windows Bluetooth Driver Remote Code Execution Vulnerability
Windows Backup Service Elevation of Privilege Vulnerability
CVE-2023-24946
7.8 - High
- May 09, 2023
Windows Backup Service Elevation of Privilege Vulnerability
Windows iSCSI Target Service Information Disclosure Vulnerability
CVE-2023-24945
5.5 - Medium
- May 09, 2023
Windows iSCSI Target Service Information Disclosure Vulnerability
Windows Bluetooth Driver Information Disclosure Vulnerability
CVE-2023-24944
6.5 - Medium
- May 09, 2023
Windows Bluetooth Driver Information Disclosure Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2023-24905
7.8 - High
- May 09, 2023
Remote Desktop Client Remote Code Execution Vulnerability
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2023-24943
9.8 - Critical
- May 09, 2023
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2023-24903
8.1 - High
- May 09, 2023
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Race Condition
Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-24942
7.5 - High
- May 09, 2023
Remote Procedure Call Runtime Denial of Service Vulnerability
Win32k Elevation of Privilege Vulnerability
CVE-2023-24902
7.8 - High
- May 09, 2023
Win32k Elevation of Privilege Vulnerability
Windows Network File System Remote Code Execution Vulnerability
CVE-2023-24941
9.8 - Critical
- May 09, 2023
Windows Network File System Remote Code Execution Vulnerability
Windows NFS Portmapper Information Disclosure Vulnerability
CVE-2023-24901
7.5 - High
- May 09, 2023
Windows NFS Portmapper Information Disclosure Vulnerability
Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability
CVE-2023-24940
7.5 - High
- May 09, 2023
Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability
Windows NTLM Security Support Provider Information Disclosure Vulnerability
CVE-2023-24900
5.9 - Medium
- May 09, 2023
Windows NTLM Security Support Provider Information Disclosure Vulnerability
Server for NFS Denial of Service Vulnerability
CVE-2023-24939
7.5 - High
- May 09, 2023
Server for NFS Denial of Service Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2023-24899
7 - High
- May 09, 2023
Windows Graphics Component Elevation of Privilege Vulnerability
Race Condition
Windows SMB Denial of Service Vulnerability
CVE-2023-24898
7.5 - High
- May 09, 2023
Windows SMB Denial of Service Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2023-28283
8.1 - High
- May 09, 2023
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes
CVE-2023-2513
6.7 - Medium
- May 08, 2023
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.
Dangling pointer
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2023-29354
4.7 - Medium
- May 05, 2023
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2023-29350
7.5 - High
- May 05, 2023
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63
CVE-2023-2468
4.3 - Medium
- May 03, 2023
Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63
CVE-2023-2467
4.3 - Medium
- May 03, 2023
Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63
CVE-2023-2466
4.3 - Medium
- May 03, 2023
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63
CVE-2023-2465
4.3 - Medium
- May 03, 2023
Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63
CVE-2023-2464
4.3 - Medium
- May 03, 2023
Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63
CVE-2023-2463
4.3 - Medium
- May 03, 2023
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63
CVE-2023-2462
4.3 - Medium
- May 03, 2023
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63
CVE-2023-2460
7.1 - High
- May 03, 2023
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)
Improper Input Validation
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63
CVE-2023-2459
6.5 - Medium
- May 03, 2023
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)
A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation
CVE-2023-2235
7.8 - High
- May 01, 2023
A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.
Dangling pointer
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
CVE-2023-2426
5.5 - Medium
- April 29, 2023
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
Untrusted pointer offset
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2023-29334
4.3 - Medium
- April 28, 2023
Microsoft Edge (Chromium-based) Spoofing Vulnerability
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13
CVE-2023-31436
7.8 - High
- April 28, 2023
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
Memory Corruption
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2023-21712
8.1 - High
- April 27, 2023
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Race Condition
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2023-28286
6.1 - Medium
- April 27, 2023
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2023-28261
8.1 - High
- April 27, 2023
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript
CVE-2023-30846
7.5 - High
- April 26, 2023
typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with `BasicCredentialHandler`, `BearerCredentialHandler` or `PersonalAccessTokenCredentialHandler`. Second, the target host may return a redirection (3xx), with a link to a second host. Third, the next request will use the credentials to authenticate with the second host, by setting the `Authorization` header. The expected behavior is that the next request will *NOT* set the `Authorization` header. The problem was fixed in version 1.8.0. There are no known workarounds.
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function
CVE-2023-0458
4.7 - Medium
- April 26, 2023
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11
NULL Pointer Dereference
A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events
CVE-2023-2019
4.4 - Medium
- April 24, 2023
A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system.