Microsoft Microsoft Makers of the Windows Operating System and hundreds of products that run on it.

Do you want an email whenever new security vulnerabilities are reported in any Microsoft product?

Products by Microsoft Sorted by Most Security Vulnerabilities since 2018

Microsoft Windows Server 20163069 vulnerabilities

Microsoft Windows Server 20192858 vulnerabilities

Microsoft Windows 102605 vulnerabilities

Microsoft Windows Server 20122226 vulnerabilities

Microsoft Windows Server 20082214 vulnerabilities

Microsoft Windows 71760 vulnerabilities

Microsoft Windows 8.11667 vulnerabilities

Microsoft Windows Rt 8 11536 vulnerabilities

Microsoft Windows Server 20221162 vulnerabilities

Microsoft Windows 11604 vulnerabilities

Microsoft Windows 11 21h2587 vulnerabilities

Microsoft Windows 11 22h2571 vulnerabilities

Microsoft Windows 10 1809560 vulnerabilities

Microsoft Windows 10 22h2553 vulnerabilities

Microsoft Windows 10 21h2549 vulnerabilities

Microsoft Windows 10 1607493 vulnerabilities

Microsoft Internet Explorer (IE)415 vulnerabilities
Popular web browser for windows

Microsoft Office406 vulnerabilities

Microsoft Windows 10 1507370 vulnerabilities

Microsoft Windows Vista349 vulnerabilities

Microsoft Windows XP313 vulnerabilities

Microsoft Windows Server283 vulnerabilities

Microsoft Sharepoint Server280 vulnerabilities

Microsoft Windows Server 2003248 vulnerabilities

Microsoft Windows 10 20h2234 vulnerabilities

Microsoft 365 Apps221 vulnerabilities

Microsoft ChakraCore189 vulnerabilities
ChakraCore is the core part of the Chakra JavaScript engine that powers Microsoft Edge

Microsoft Sharepoint Foundation180 vulnerabilities

Microsoft Windows 2003 Server157 vulnerabilities

Microsoft Edge Chromium150 vulnerabilities

Microsoft Ie149 vulnerabilities

Microsoft Exchange Server122 vulnerabilities

Microsoft Excel121 vulnerabilities
Spreadsheet Software

Microsoft Windows 11 23h2118 vulnerabilities

Microsoft Windows 2000104 vulnerabilities

Microsoft Office Online Server100 vulnerabilities

Microsoft Visual Studio 201995 vulnerabilities

Microsoft Office 365 Proplus84 vulnerabilities

Microsoft Dynamics 36580 vulnerabilities

Microsoft Visual Studio 201780 vulnerabilities

Microsoft Word70 vulnerabilities

Microsoft Edge Browser62 vulnerabilities
Web Browser based on Chromium

Microsoft Visual Studio 202261 vulnerabilities

Microsoft Windows Nt52 vulnerabilities

Microsoft Net52 vulnerabilities

Microsoft Office Web Apps52 vulnerabilities

Microsoft Outlook51 vulnerabilities

Microsoft Visual Studio Code45 vulnerabilities

Microsoft Windows 845 vulnerabilities

Microsoft Visual Studio38 vulnerabilities
Developer IDE

Microsoft Azure Devops Server37 vulnerabilities

Microsoft Azure Site Recovery37 vulnerabilities

Microsoft SQL Server36 vulnerabilities
Database Server

Microsoft Windows Rt33 vulnerabilities

Microsoft .NET Core32 vulnerabilities

Microsoft ASP.NET Core31 vulnerabilities

Microsoft Windows 10 21h130 vulnerabilities

Microsoft Excel Viewer29 vulnerabilities

Microsoft Azure Sphere27 vulnerabilities

Microsoft 3d Builder20 vulnerabilities

Microsoft Powershell Core18 vulnerabilities

Microsoft Windows Server 20h218 vulnerabilities

Microsoft Office Word Viewer17 vulnerabilities

Microsoft Project Server16 vulnerabilities

Microsoft Visio16 vulnerabilities

Microsoft Powershell15 vulnerabilities

Microsoft Remote Desktop14 vulnerabilities

Microsoft Defender For Iot13 vulnerabilities

Microsoft Onedrive13 vulnerabilities

Microsoft Windows Server 23h213 vulnerabilities

Microsoft Windows 9812 vulnerabilities

Microsoft Project11 vulnerabilities

Microsoft Skype For Business11 vulnerabilities

Microsoft Lync11 vulnerabilities

Microsoft 3d Viewer10 vulnerabilities

Microsoft Raw Image Extension10 vulnerabilities

Microsoft Word Viewer10 vulnerabilities

Microsoft Azure Rtos Usbx10 vulnerabilities

Microsoft Teams9 vulnerabilities

Microsoft Powerpoint9 vulnerabilities

Microsoft Dynamics Nav9 vulnerabilities

Recent Microsoft Security Advisories

Advisory Title Published
CVE-2024-2400 Chromium: CVE-2024-2400 Use after free in Performance Manager March 14, 2024
CVE-2024-26163 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability March 14, 2024
CVE-2024-26246 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability March 14, 2024
CVE-2024-21438 Microsoft AllJoyn API Denial of Service Vulnerability March 12, 2024
CVE-2024-21426 Microsoft SharePoint Server Remote Code Execution Vulnerability March 12, 2024
CVE-2024-21392 .NET and Visual Studio Denial of Service Vulnerability March 12, 2024
CVE-2024-21411 Skype for Consumer Remote Code Execution Vulnerability March 12, 2024
CVE-2024-20671 Microsoft Defender Security Feature Bypass Vulnerability March 12, 2024
CVE-2024-21421 Azure SDK Spoofing Vulnerability March 12, 2024
CVE-2024-21429 Windows USB Hub Driver Remote Code Execution Vulnerability March 12, 2024

Known Exploited Microsoft Vulnerabilities

The following Microsoft vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation. CVE-2024-21338 March 4, 2024
Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. CVE-2023-29360 February 29, 2024
Microsoft Exchange Server Privilege Escalation Vulnerability Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. CVE-2024-21410 February 15, 2024
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both. CVE-2024-21351 February 13, 2024
Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass. CVE-2024-21412 February 13, 2024
Microsoft SharePoint Server Privilege Escalation Vulnerability Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges. CVE-2023-29357 January 10, 2024
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. CVE-2023-36584 November 16, 2023
Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation. CVE-2023-36033 November 14, 2023
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts. CVE-2023-36025 November 14, 2023
Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges. CVE-2023-36036 November 14, 2023
Microsoft WordPad Information Disclosure Vulnerability Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure. CVE-2023-36563 October 10, 2023
Microsoft Skype for Business Privilege Escalation Vulnerability Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation. CVE-2023-41763 October 10, 2023
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges. CVE-2023-28229 October 4, 2023
Microsoft Streaming Service Proxy Privilege Escalation Vulnerability Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation. CVE-2023-36802 September 12, 2023
Microsoft Word Information Disclosure Vulnerability Microsoft Word contains an unspecified vulnerability that allows for information disclosure. CVE-2023-36761 September 12, 2023
Microsoft .NET Core and Visual Studio Denial of Service Vulnerability Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial of service. CVE-2023-38180 August 9, 2023
Microsoft Office and Windows HTML Remote Code Execution Vulnerability Microsoft Office and Windows contain an unspecified vulnerability that allows an attacker to perform remote code execution via a specially crafted Microsoft Office document. CVE-2023-36884 July 17, 2023
Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation. CVE-2023-36874 July 11, 2023
Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt. CVE-2023-32049 July 11, 2023
Microsoft Outlook Security Feature Bypass Vulnerability Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt. CVE-2023-35311 July 11, 2023

By the Year

In 2024 there have been 245 vulnerabilities in Microsoft with an average score of 7.4 out of ten. Last year Microsoft had 1461 security vulnerabilities published. Right now, Microsoft is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.14.

Year Vulnerabilities Average Score
2024 245 7.42
2023 1461 7.27
2022 1295 7.44
2021 1111 7.45
2020 1207 7.26
2019 759 7.23
2018 579 6.89

It may take a day or so for new Microsoft vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Security Vulnerabilities

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2024-26246 3.9 - Low - March 14, 2024

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2024-26163 4.7 - Medium - March 14, 2024

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may

CVE-2023-28746 - March 14, 2024

Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128

CVE-2024-2400 - March 13, 2024

Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Visual Studio Code Elevation of Privilege Vulnerability

CVE-2024-26165 8.8 - High - March 12, 2024

Visual Studio Code Elevation of Privilege Vulnerability

Outlook for Android Information Disclosure Vulnerability

CVE-2024-26204 7.5 - High - March 12, 2024

Outlook for Android Information Disclosure Vulnerability

Windows Compressed Folder Tampering Vulnerability

CVE-2024-26185 6.5 - Medium - March 12, 2024

Windows Compressed Folder Tampering Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-26182 7.8 - High - March 12, 2024

Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Denial of Service Vulnerability

CVE-2024-26181 5.5 - Medium - March 12, 2024

Windows Kernel Denial of Service Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-26178 7.8 - High - March 12, 2024

Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Information Disclosure Vulnerability

CVE-2024-26177 5.5 - Medium - March 12, 2024

Windows Kernel Information Disclosure Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-26176 - March 12, 2024

Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Information Disclosure Vulnerability

CVE-2024-26174 5.5 - Medium - March 12, 2024

Windows Kernel Information Disclosure Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-26173 7.8 - High - March 12, 2024

Windows Kernel Elevation of Privilege Vulnerability

Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability

CVE-2024-26170 7.8 - High - March 12, 2024

Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability

Windows Error Reporting Service Elevation of Privilege Vulnerability

CVE-2024-26169 7.8 - High - March 12, 2024

Windows Error Reporting Service Elevation of Privilege Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-26166 8.8 - High - March 12, 2024

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE-2024-26162 8.8 - High - March 12, 2024

Microsoft ODBC Driver Remote Code Execution Vulnerability

Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability

CVE-2024-26160 - March 12, 2024

Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability

Microsoft Teams for Android Information Disclosure Vulnerability

CVE-2024-21448 5 - Medium - March 12, 2024

Microsoft Teams for Android Information Disclosure Vulnerability

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE-2024-21440 - March 12, 2024

Microsoft ODBC Driver Remote Code Execution Vulnerability

Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2024-21437 7.8 - High - March 12, 2024

Windows Graphics Component Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

CVE-2024-21436 7.8 - High - March 12, 2024

Windows Installer Elevation of Privilege Vulnerability

Windows OLE Remote Code Execution Vulnerability

CVE-2024-21435 8.8 - High - March 12, 2024

Windows OLE Remote Code Execution Vulnerability

Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability

CVE-2024-21434 7.8 - High - March 12, 2024

Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2024-21433 7 - High - March 12, 2024

Windows Print Spooler Elevation of Privilege Vulnerability

Windows Update Stack Elevation of Privilege Vulnerability

CVE-2024-21432 7 - High - March 12, 2024

Windows Update Stack Elevation of Privilege Vulnerability

Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability

CVE-2024-21431 7.8 - High - March 12, 2024

Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability

Windows Kerberos Security Feature Bypass Vulnerability

CVE-2024-21427 7.5 - High - March 12, 2024

Windows Kerberos Security Feature Bypass Vulnerability

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2024-21419 7.6 - High - March 12, 2024

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Windows Hyper-V Denial of Service Vulnerability

CVE-2024-21408 5.5 - Medium - March 12, 2024

Windows Hyper-V Denial of Service Vulnerability

Windows Hyper-V Remote Code Execution Vulnerability

CVE-2024-21407 8.1 - High - March 12, 2024

Windows Hyper-V Remote Code Execution Vulnerability

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

CVE-2024-21400 9 - Critical - March 12, 2024

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Microsoft Authenticator Elevation of Privilege Vulnerability

CVE-2024-21390 7.1 - High - March 12, 2024

Microsoft Authenticator Elevation of Privilege Vulnerability

Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

CVE-2024-21334 9.8 - Critical - March 12, 2024

Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

CVE-2024-21330 7.8 - High - March 12, 2024

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability

CVE-2024-26164 8.8 - High - March 12, 2024

Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-26161 8.8 - High - March 12, 2024

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Azure Data Studio Elevation of Privilege Vulnerability

CVE-2024-26203 7.3 - High - March 12, 2024

Azure Data Studio Elevation of Privilege Vulnerability

Microsoft Intune Linux Agent Elevation of Privilege Vulnerability

CVE-2024-26201 6.6 - Medium - March 12, 2024

Microsoft Intune Linux Agent Elevation of Privilege Vulnerability

Microsoft Office Elevation of Privilege Vulnerability

CVE-2024-26199 7.8 - High - March 12, 2024

Microsoft Office Elevation of Privilege Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2024-26198 8.8 - High - March 12, 2024

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft QUIC Denial of Service Vulnerability

CVE-2024-26190 7.5 - High - March 12, 2024

Microsoft QUIC Denial of Service Vulnerability

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE-2024-26159 8.8 - High - March 12, 2024

Microsoft ODBC Driver Remote Code Execution Vulnerability

Windows Standards-Based Storage Management Service Denial of Service Vulnerability

CVE-2024-26197 6.5 - Medium - March 12, 2024

Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE-2024-21451 8.8 - High - March 12, 2024

Microsoft ODBC Driver Remote Code Execution Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21450 - March 12, 2024

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

NTFS Elevation of Privilege Vulnerability

CVE-2024-21446 7.8 - High - March 12, 2024

NTFS Elevation of Privilege Vulnerability

Windows USB Print Driver Elevation of Privilege Vulnerability

CVE-2024-21445 7 - High - March 12, 2024

Windows USB Print Driver Elevation of Privilege Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21444 8.8 - High - March 12, 2024

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

CVE-2024-21443 7.3 - High - March 12, 2024

Windows Kernel Elevation of Privilege Vulnerability

Windows USB Print Driver Elevation of Privilege Vulnerability

CVE-2024-21442 7.8 - High - March 12, 2024

Windows USB Print Driver Elevation of Privilege Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21441 8.8 - High - March 12, 2024

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Windows Telephony Server Elevation of Privilege Vulnerability

CVE-2024-21439 7 - High - March 12, 2024

Windows Telephony Server Elevation of Privilege Vulnerability

Microsoft AllJoyn API Denial of Service Vulnerability

CVE-2024-21438 7.5 - High - March 12, 2024

Microsoft AllJoyn API Denial of Service Vulnerability

Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability

CVE-2024-21430 - March 12, 2024

Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability

Windows USB Hub Driver Remote Code Execution Vulnerability

CVE-2024-21429 6.8 - Medium - March 12, 2024

Windows USB Hub Driver Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2024-21426 7.8 - High - March 12, 2024

Microsoft SharePoint Server Remote Code Execution Vulnerability

Azure SDK Spoofing Vulnerability

CVE-2024-21421 7.5 - High - March 12, 2024

Azure SDK Spoofing Vulnerability

Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability

CVE-2024-21418 7.8 - High - March 12, 2024

Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability

Skype for Consumer Remote Code Execution Vulnerability

CVE-2024-21411 8.8 - High - March 12, 2024

Skype for Consumer Remote Code Execution Vulnerability

.NET and Visual Studio Denial of Service Vulnerability

CVE-2024-21392 7.5 - High - March 12, 2024

.NET and Visual Studio Denial of Service Vulnerability

Microsoft Defender Security Feature Bypass Vulnerability

CVE-2024-20671 5.5 - Medium - March 12, 2024

Microsoft Defender Security Feature Bypass Vulnerability

Microsoft Edge for Android Spoofing Vulnerability

CVE-2024-26167 4.3 - Medium - March 07, 2024

Microsoft Edge for Android Spoofing Vulnerability

Use after free in FedCM in Google Chrome prior to 122.0.6261.111

CVE-2024-2176 - March 06, 2024

Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111

CVE-2024-2174 - March 06, 2024

Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111

CVE-2024-2173 - March 06, 2024

Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Type Confusion in V8 in Google Chrome prior to 122.0.6261.94

CVE-2024-1939 - February 29, 2024

Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Type Confusion in V8 in Google Chrome prior to 122.0.6261.94

CVE-2024-1938 - February 29, 2024

Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2024-26188 4.3 - Medium - February 23, 2024

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2024-26192 8.2 - High - February 23, 2024

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2024-21423 4.8 - Medium - February 23, 2024

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57

CVE-2024-1669 - February 21, 2024

Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Use after free in Mojo in Google Chrome prior to 122.0.6261.57

CVE-2024-1670 - February 21, 2024

Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57

CVE-2024-1671 - February 21, 2024

Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57

CVE-2024-1672 - February 21, 2024

Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

Use after free in Accessibility in Google Chrome prior to 122.0.6261.57

CVE-2024-1673 - February 21, 2024

Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57

CVE-2024-1674 - February 21, 2024

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57

CVE-2024-1676 - February 21, 2024

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)

Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57

CVE-2024-1675 - February 21, 2024

Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs)

CVE-2023-50387 7.5 - High - February 14, 2024

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

Allocation of Resources Without Limits or Throttling

Microsoft Outlook Remote Code Execution Vulnerability

CVE-2024-21413 9.8 - Critical - February 13, 2024

Microsoft Outlook Remote Code Execution Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-21420 8.8 - High - February 13, 2024

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Azure Stack Hub Spoofing Vulnerability

CVE-2024-20679 6.5 - Medium - February 13, 2024

Azure Stack Hub Spoofing Vulnerability

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2024-21393 7.6 - High - February 13, 2024

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

XSS

Dynamics 365 Field Service Spoofing Vulnerability

CVE-2024-21394 7.6 - High - February 13, 2024

Dynamics 365 Field Service Spoofing Vulnerability

Dynamics 365 Sales Spoofing Vulnerability

CVE-2024-21396 7.6 - High - February 13, 2024

Dynamics 365 Sales Spoofing Vulnerability

Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability

CVE-2024-21401 9.8 - Critical - February 13, 2024

Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability

Microsoft Outlook Elevation of Privilege Vulnerability

CVE-2024-21402 7.1 - High - February 13, 2024

Microsoft Outlook Elevation of Privilege Vulnerability

.NET Denial of Service Vulnerability

CVE-2024-21404 7.5 - High - February 13, 2024

.NET Denial of Service Vulnerability

Microsoft Office Remote Code Execution Vulnerability

CVE-2024-20673 7.8 - High - February 13, 2024

Microsoft Office Remote Code Execution Vulnerability

Windows DNS Client Denial of Service Vulnerability

CVE-2024-21342 7.5 - High - February 13, 2024

Windows DNS Client Denial of Service Vulnerability

Windows Hyper-V Denial of Service Vulnerability

CVE-2024-20684 6.5 - Medium - February 13, 2024

Windows Hyper-V Denial of Service Vulnerability

Windows USB Generic Parent Driver Remote Code Execution Vulnerability

CVE-2024-21339 6.4 - Medium - February 13, 2024

Windows USB Generic Parent Driver Remote Code Execution Vulnerability

Windows Kernel Remote Code Execution Vulnerability

CVE-2024-21341 6.8 - Medium - February 13, 2024

Windows Kernel Remote Code Execution Vulnerability

Microsoft ActiveX Data Objects Remote Code Execution Vulnerability

CVE-2024-21349 8.8 - High - February 13, 2024

Microsoft ActiveX Data Objects Remote Code Execution Vulnerability

Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability

CVE-2024-21315 7.8 - High - February 13, 2024

Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability

Trusted Compute Base Elevation of Privilege Vulnerability

CVE-2024-21304 4.1 - Medium - February 13, 2024

Trusted Compute Base Elevation of Privilege Vulnerability

Dynamics 365 Sales Spoofing Vulnerability

CVE-2024-21328 7.6 - High - February 13, 2024

Dynamics 365 Sales Spoofing Vulnerability

Skype for Business Information Disclosure Vulnerability

CVE-2024-20695 5.7 - Medium - February 13, 2024

Skype for Business Information Disclosure Vulnerability

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.