Microsoft: Makers of the Windows Operating System and hundreds of products that run on it.


Products by Microsoft Sorted by Most Security Vulnerabilities since 2018

Microsoft Windows Server 2016: 3040 vulnerabilities

Microsoft Windows Server 2019: 2826 vulnerabilities

Microsoft Windows 10: 2605 vulnerabilities

Microsoft Windows Server 2012: 2199 vulnerabilities

Microsoft Windows Server 2008: 2194 vulnerabilities

Microsoft Windows 7: 1760 vulnerabilities

Microsoft Windows 8.1: 1667 vulnerabilities

Microsoft Windows Rt 8 1: 1536 vulnerabilities

Microsoft Windows Server 2022: 1129 vulnerabilities

Microsoft Windows 11: 604 vulnerabilities

Microsoft Windows 11 21h2: 553 vulnerabilities

Microsoft Windows 11 22h2: 536 vulnerabilities

Microsoft Windows 10 1809: 528 vulnerabilities

Microsoft Windows 10 22h2: 521 vulnerabilities

Microsoft Windows 10 21h2: 517 vulnerabilities

Microsoft Windows 10 1607: 464 vulnerabilities

Microsoft Internet Explorer (IE): 415 vulnerabilities
Popular web browser for Windows

Microsoft Office: 402 vulnerabilities

Microsoft Windows Vista: 349 vulnerabilities

Microsoft Windows 10 1507: 342 vulnerabilities

Microsoft Windows XP: 313 vulnerabilities

Microsoft Windows Server: 283 vulnerabilities

Microsoft Sharepoint Server: 280 vulnerabilities

Microsoft Windows Server 2003: 248 vulnerabilities

Microsoft Windows 10 20h2: 234 vulnerabilities

Microsoft 365 Apps: 216 vulnerabilities

Microsoft ChakraCore: 189 vulnerabilities
ChakraCore is the core part of the Chakra JavaScript engine that powers Microsoft Edge

Microsoft Sharepoint Foundation: 180 vulnerabilities

Microsoft Windows 2003 Server: 157 vulnerabilities

Microsoft Edge Chromium: 150 vulnerabilities

Microsoft Ie: 149 vulnerabilities

Microsoft Exchange Server: 121 vulnerabilities

Microsoft Excel: 120 vulnerabilities
Spreadsheet Software

Microsoft Windows 2000: 103 vulnerabilities

Microsoft Office Online Server: 100 vulnerabilities

Microsoft Visual Studio 2019: 95 vulnerabilities

Microsoft Office 365 Proplus: 84 vulnerabilities

Microsoft Windows 11 23h2: 83 vulnerabilities

Microsoft Visual Studio 2017: 80 vulnerabilities

Microsoft Dynamics 365: 73 vulnerabilities

Microsoft Word: 68 vulnerabilities

Microsoft Edge Browser: 62 vulnerabilities
Web Browser based on Chromium

Microsoft Visual Studio 2022: 59 vulnerabilities

Microsoft Net: 52 vulnerabilities

Microsoft Office Web Apps: 52 vulnerabilities

Microsoft Windows Nt: 51 vulnerabilities

Microsoft Outlook: 50 vulnerabilities

Microsoft Visual Studio Code: 45 vulnerabilities

Microsoft Windows 8: 45 vulnerabilities

Microsoft Visual Studio: 38 vulnerabilities
Developer IDE

Microsoft Azure Devops Server: 36 vulnerabilities

Microsoft SQL Server: 36 vulnerabilities
Database Server

Microsoft Azure Site Recovery: 36 vulnerabilities

Microsoft Windows Rt: 33 vulnerabilities

Microsoft .NET Core: 32 vulnerabilities

Microsoft Windows 10 21h1: 30 vulnerabilities

Microsoft ASP.NET Core: 29 vulnerabilities

Microsoft Excel Viewer: 29 vulnerabilities

Microsoft Azure Sphere: 27 vulnerabilities

Microsoft 3d Builder: 20 vulnerabilities

Microsoft Windows Server 20h2: 18 vulnerabilities

Microsoft Powershell Core: 18 vulnerabilities

Microsoft Office Word Viewer: 17 vulnerabilities

Microsoft Project Server: 16 vulnerabilities

Microsoft Visio: 15 vulnerabilities

Microsoft Powershell: 15 vulnerabilities

Microsoft Remote Desktop: 14 vulnerabilities

Microsoft Defender For Iot: 13 vulnerabilities

Microsoft Windows Server 23h2: 13 vulnerabilities

Microsoft Onedrive: 13 vulnerabilities

Microsoft Windows 98: 12 vulnerabilities

Microsoft Project: 11 vulnerabilities

Microsoft Lync: 11 vulnerabilities

Microsoft 3d Viewer: 10 vulnerabilities

Microsoft Skype For Business: 10 vulnerabilities

Microsoft Azure Rtos Usbx: 10 vulnerabilities

Microsoft Raw Image Extension: 10 vulnerabilities

Microsoft Word Viewer: 10 vulnerabilities

Microsoft Dynamics Nav: 9 vulnerabilities

Microsoft Visual Studio Net: 8 vulnerabilities

Microsoft Powerpoint: 8 vulnerabilities

Recent Microsoft Security Advisories

Advisory | Title | Published
CVE-2024-21351 | Windows SmartScreen Security Feature Bypass Vulnerability | February 13, 2024
CVE-2024-20667 | Azure DevOps Server Remote Code Execution Vulnerability | February 13, 2024
CVE-2024-21340 | Windows Kernel Information Disclosure Vulnerability | February 13, 2024
CVE-2024-21349 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | February 13, 2024
CVE-2024-21338 | Windows Kernel Elevation of Privilege Vulnerability | February 13, 2024
CVE-2024-21329 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | February 13, 2024
CVE-2024-21327 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | February 13, 2024
CVE-2023-50387 | MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers | February 13, 2024
CVE-2024-21352 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | February 13, 2024
CVE-2024-21350 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | February 13, 2024

Known Exploited Microsoft Vulnerabilities

The following Microsoft vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title | Description | Added
Microsoft Exchange Server Privilege Escalation Vulnerability | Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. CVE-2024-21410 | February 15, 2024
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both. CVE-2024-21351 | February 13, 2024
Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability | Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass. CVE-2024-21412 | February 13, 2024
Microsoft SharePoint Server Privilege Escalation Vulnerability | Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges. CVE-2023-29357 | January 10, 2024
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. CVE-2023-36584 | November 16, 2023
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts. CVE-2023-36025 | November 14, 2023
Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability | Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges. CVE-2023-36036 | November 14, 2023
Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability | Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation. CVE-2023-36033 | November 14, 2023
Microsoft Skype for Business Privilege Escalation Vulnerability | Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation. CVE-2023-41763 | October 10, 2023
Microsoft WordPad Information Disclosure Vulnerability | Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure. CVE-2023-36563 | October 10, 2023
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability | Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges. CVE-2023-28229 | October 4, 2023
Microsoft Streaming Service Proxy Privilege Escalation Vulnerability | Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation. CVE-2023-36802 | September 12, 2023
Microsoft Word Information Disclosure Vulnerability | Microsoft Word contains an unspecified vulnerability that allows for information disclosure. CVE-2023-36761 | September 12, 2023
Microsoft .NET Core and Visual Studio Denial of Service Vulnerability | Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial of service. CVE-2023-38180 | August 9, 2023
Microsoft Office and Windows HTML Remote Code Execution Vulnerability | Microsoft Office and Windows contain an unspecified vulnerability that allows an attacker to perform remote code execution via a specially crafted Microsoft Office document. CVE-2023-36884 | July 17, 2023
Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability | Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt. CVE-2023-32049 | July 11, 2023
Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability | Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation. CVE-2023-36874 | July 11, 2023
Microsoft Outlook Security Feature Bypass Vulnerability | Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt. CVE-2023-35311 | July 11, 2023
Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability | Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation. CVE-2023-32046 | July 11, 2023
Microsoft Win32k Privilege Escalation Vulnerability | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. CVE-2016-0165 | June 22, 2023

By the Year

In 2024 there have been 163 vulnerabilities in Microsoft with an average score of 7.4 out of ten. Last year Microsoft had 1461 security vulnerabilities published. Right now, Microsoft is on track to have fewer security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.16.

Year Vulnerabilities Average Score
2024 163 7.43
2023 1461 7.27
2022 1295 7.44
2021 1110 7.45
2020 1207 7.26
2019 759 7.23
2018 579 6.89

It may take a day or so for new Microsoft vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Security Vulnerabilities

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs)

CVE-2023-50387 7.5 - High - February 14, 2024

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

Allocation of Resources Without Limits or Throttling

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21420 8.8 - High - February 13, 2024

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft Outlook Remote Code Execution Vulnerability

CVE-2024-21413 9.8 - Critical - February 13, 2024

Microsoft Outlook Remote Code Execution Vulnerability

Internet Shortcut Files Security Feature Bypass Vulnerability

CVE-2024-21412 8.1 - High - February 13, 2024

Internet Shortcut Files Security Feature Bypass Vulnerability

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVE-2024-21410 9.8 - Critical - February 13, 2024

Microsoft Exchange Server Elevation of Privilege Vulnerability

Windows Printing Service Spoofing Vulnerability

CVE-2024-21406 7.5 - High - February 13, 2024

Windows Printing Service Spoofing Vulnerability

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

CVE-2024-21405 7 - High - February 13, 2024

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

CVE-2024-21403 9 - Critical - February 13, 2024

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Microsoft Azure File Sync Elevation of Privilege Vulnerability

CVE-2024-21397 5.3 - Medium - February 13, 2024

Microsoft Azure File Sync Elevation of Privilege Vulnerability

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2024-21395 8.2 - High - February 13, 2024

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21391 8.8 - High - February 13, 2024

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft Office OneNote Remote Code Execution Vulnerability

CVE-2024-21384 7.8 - High - February 13, 2024

Microsoft Office OneNote Remote Code Execution Vulnerability

Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability

CVE-2024-21380 8 - High - February 13, 2024

Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability

Microsoft Outlook Remote Code Execution Vulnerability

CVE-2024-21378 8 - High - February 13, 2024

Microsoft Outlook Remote Code Execution Vulnerability

Windows DNS Information Disclosure Vulnerability

CVE-2024-21377 7.1 - High - February 13, 2024

Windows DNS Information Disclosure Vulnerability

Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability

CVE-2024-21376 9 - Critical - February 13, 2024

Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability

Microsoft Teams for Android Information Disclosure

CVE-2024-21374 5 - Medium - February 13, 2024

Microsoft Teams for Android Information Disclosure

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21370 8.8 - High - February 13, 2024

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21368 8.8 - High - February 13, 2024

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21367 8.8 - High - February 13, 2024

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21365 8.8 - High - February 13, 2024

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability

CVE-2024-21364 9.3 - Critical - February 13, 2024

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

CVE-2024-21363 7.8 - High - February 13, 2024

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Windows Kernel Security Feature Bypass Vulnerability

CVE-2024-21362 5.5 - Medium - February 13, 2024

Windows Kernel Security Feature Bypass Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21359 8.8 - High - February 13, 2024

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

CVE-2024-21356 6.5 - Medium - February 13, 2024

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

CVE-2024-21355 7 - High - February 13, 2024

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability

CVE-2024-21353 8.8 - High - February 13, 2024

Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability

Internet Connection Sharing (ICS) Denial of Service Vulnerability

CVE-2024-21348 7.5 - High - February 13, 2024

Internet Connection Sharing (ICS) Denial of Service Vulnerability

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE-2024-21347 7.5 - High - February 13, 2024

Microsoft ODBC Driver Remote Code Execution Vulnerability

Win32k Elevation of Privilege Vulnerability

CVE-2024-21346 7.8 - High - February 13, 2024

Win32k Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-21345 8.8 - High - February 13, 2024

Windows Kernel Elevation of Privilege Vulnerability

Windows Network Address Translation (NAT) Denial of Service Vulnerability

CVE-2024-21344 5.9 - Medium - February 13, 2024

Windows Network Address Translation (NAT) Denial of Service Vulnerability

Windows Network Address Translation (NAT) Denial of Service Vulnerability

CVE-2024-21343 5.9 - Medium - February 13, 2024

Windows Network Address Translation (NAT) Denial of Service Vulnerability

Windows DNS Client Denial of Service Vulnerability

CVE-2024-21342 7.5 - High - February 13, 2024

Windows DNS Client Denial of Service Vulnerability

Windows Kernel Remote Code Execution Vulnerability

CVE-2024-21341 6.8 - Medium - February 13, 2024

Windows Kernel Remote Code Execution Vulnerability

Windows USB Generic Parent Driver Remote Code Execution Vulnerability

CVE-2024-21339 6.4 - Medium - February 13, 2024

Windows USB Generic Parent Driver Remote Code Execution Vulnerability

Windows Hyper-V Denial of Service Vulnerability

CVE-2024-20684 6.5 - Medium - February 13, 2024

Windows Hyper-V Denial of Service Vulnerability

Dynamics 365 Sales Spoofing Vulnerability

CVE-2024-21328 7.6 - High - February 13, 2024

Dynamics 365 Sales Spoofing Vulnerability

Skype for Business Information Disclosure Vulnerability

CVE-2024-20695 5.7 - Medium - February 13, 2024

Skype for Business Information Disclosure Vulnerability

Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability

CVE-2024-21315 7.8 - High - February 13, 2024

Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability

Trusted Compute Base Elevation of Privilege Vulnerability

CVE-2024-21304 4.1 - Medium - February 13, 2024

Trusted Compute Base Elevation of Privilege Vulnerability

Azure Stack Hub Spoofing Vulnerability

CVE-2024-20679 6.5 - Medium - February 13, 2024

Azure Stack Hub Spoofing Vulnerability

Microsoft Office Remote Code Execution Vulnerability

CVE-2024-20673 7.8 - High - February 13, 2024

Microsoft Office Remote Code Execution Vulnerability

.NET Denial of Service Vulnerability

CVE-2024-21404 7.5 - High - February 13, 2024

.NET Denial of Service Vulnerability

Microsoft Outlook Elevation of Privilege Vulnerability

CVE-2024-21402 7.1 - High - February 13, 2024

Microsoft Outlook Elevation of Privilege Vulnerability

Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability

CVE-2024-21401 9.8 - Critical - February 13, 2024

Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability

Dynamics 365 Sales Spoofing Vulnerability

CVE-2024-21396 7.6 - High - February 13, 2024

Dynamics 365 Sales Spoofing Vulnerability

Dynamics 365 Field Service Spoofing Vulnerability

CVE-2024-21394 7.6 - High - February 13, 2024

Dynamics 365 Field Service Spoofing Vulnerability

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2024-21393 7.6 - High - February 13, 2024

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2024-21389 7.6 - High - February 13, 2024

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

.NET Denial of Service Vulnerability

CVE-2024-21386 7.5 - High - February 13, 2024

.NET Denial of Service Vulnerability

Microsoft Azure Active Directory B2C Spoofing Vulnerability

CVE-2024-21381 6.8 - Medium - February 13, 2024

Microsoft Azure Active Directory B2C Spoofing Vulnerability

Microsoft Word Remote Code Execution Vulnerability

CVE-2024-21379 7.8 - High - February 13, 2024

Microsoft Word Remote Code Execution Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21375 8.8 - High - February 13, 2024

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Windows OLE Remote Code Execution Vulnerability

CVE-2024-21372 8.8 - High - February 13, 2024

Windows OLE Remote Code Execution Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-21371 7 - High - February 13, 2024

Windows Kernel Elevation of Privilege Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21369 8.8 - High - February 13, 2024

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21366 8.8 - High - February 13, 2024

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21361 8.8 - High - February 13, 2024

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21360 8.8 - High - February 13, 2024

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21358 8.8 - High - February 13, 2024

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

CVE-2024-21357 8.1 - High - February 13, 2024

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

CVE-2024-21354 7.8 - High - February 13, 2024

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21352 8.8 - High - February 13, 2024

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Windows SmartScreen Security Feature Bypass Vulnerability

CVE-2024-21351 7.6 - High - February 13, 2024

Windows SmartScreen Security Feature Bypass Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21350 8.8 - High - February 13, 2024

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft ActiveX Data Objects Remote Code Execution Vulnerability

CVE-2024-21349 8.8 - High - February 13, 2024

Microsoft ActiveX Data Objects Remote Code Execution Vulnerability

Windows Kernel Information Disclosure Vulnerability

CVE-2024-21340 4.6 - Medium - February 13, 2024

Windows Kernel Information Disclosure Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-21338 7.8 - High - February 13, 2024

Windows Kernel Elevation of Privilege Vulnerability

Azure Connected Machine Agent Elevation of Privilege Vulnerability

CVE-2024-21329 7.3 - High - February 13, 2024

Azure Connected Machine Agent Elevation of Privilege Vulnerability

Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability

CVE-2024-21327 7.6 - High - February 13, 2024

Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability

Azure DevOps Server Remote Code Execution Vulnerability

CVE-2024-20667 7.5 - High - February 13, 2024

Azure DevOps Server Remote Code Execution Vulnerability

Use after free in Mojo in Google Chrome prior to 121.0.6167.160

CVE-2024-1284 9.8 - Critical - February 07, 2024

Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160

CVE-2024-1283 9.8 - Critical - February 07, 2024

Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2024-21399 8.3 - High - February 02, 2024

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification

CVE-2024-21626 8.6 - High - January 31, 2024

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.

Exposure of Resource to Wrong Sphere

Use after free in Network in Google Chrome prior to 121.0.6167.139

CVE-2024-1077 8.8 - High - January 30, 2024

Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)

Dangling pointer

Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139

CVE-2024-1059 8.8 - High - January 30, 2024

Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Canvas in Google Chrome prior to 121.0.6167.139

CVE-2024-1060 8.8 - High - January 30, 2024

Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2024-21388 6.5 - Medium - January 30, 2024

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2024-21336 2.5 - Low - January 26, 2024

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Edge for Android Spoofing Vulnerability

CVE-2024-21387 5.3 - Medium - January 26, 2024

Microsoft Edge for Android Spoofing Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2024-21385 8.3 - High - January 26, 2024

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2024-21383 3.3 - Low - January 26, 2024

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Edge for Android Information Disclosure Vulnerability

CVE-2024-21382 4.3 - Medium - January 26, 2024

Microsoft Edge for Android Information Disclosure Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2024-21326 9.6 - Critical - January 26, 2024

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85

CVE-2024-0804 7.5 - High - January 24, 2024

Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85

CVE-2024-0805 4.3 - Medium - January 24, 2024

Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)

Use after free in Passwords in Google Chrome prior to 121.0.6167.85

CVE-2024-0806 8.8 - High - January 24, 2024

Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)

Dangling pointer

Use after free in Web Audio in Google Chrome prior to 121.0.6167.85

CVE-2024-0807 8.8 - High - January 24, 2024

Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85

CVE-2024-0808 9.8 - Critical - January 24, 2024

Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)

Integer underflow

Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85

CVE-2024-0809 4.3 - Medium - January 24, 2024

Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85

CVE-2024-0811 4.3 - Medium - January 24, 2024

Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)

Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85

CVE-2024-0814 6.5 - Medium - January 24, 2024

Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

Origin Validation Error

Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85

CVE-2024-0813 8.8 - High - January 24, 2024

Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)

Dangling pointer

Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85

CVE-2024-0810 4.3 - Medium - January 24, 2024

Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)

Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85

CVE-2024-0812 8.8 - High - January 24, 2024

Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Type confusion in V8 in Google Chrome prior to 120.0.6099.224

CVE-2024-0518 8.8 - High - January 16, 2024

Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224

CVE-2024-0517 8.8 - High - January 16, 2024

Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).