Microsoft Makers of the Windows Operating System and hundreds of products that run on it.
Products by Microsoft Sorted by Most Security Vulnerabilities since 2018
Recent Microsoft Security Advisories
Advisory | Title | Published |
---|---|---|
CVE-2024-38103 | CVE-2024-38103 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | July 25, 2024 |
CVE-2024-7000 | Chromium: CVE-2024-7000 Use after free in CSS | July 25, 2024 |
CVE-2024-7001 | Chromium: CVE-2024-7001 Inappropriate implementation in HTML | July 25, 2024 |
CVE-2024-7004 | Chromium: CVE-2024-7004 Insufficient validation of untrusted input in Safe Browsing | July 25, 2024 |
CVE-2024-7003 | Chromium: CVE-2024-7003 Inappropriate implementation in FedCM | July 25, 2024 |
CVE-2024-6991 | Chromium: CVE-2024-6991 Use after free in Dawn | July 25, 2024 |
CVE-2024-6992 | Chromium: CVE-2024-6992 | July 25, 2024 |
CVE-2024-7005 | Chromium: CVE-2024-7005 Insufficient validation of untrusted input in Safe Browsing | July 25, 2024 |
CVE-2024-6995 | Chromium: CVE-2024-6995 Inappropriate implementation in Fullscreen | July 25, 2024 |
CVE-2024-6993 | Chromium: CVE-2024-6993 | July 25, 2024 |
Known Exploited Microsoft Vulnerabilities
The following Microsoft vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Microsoft Internet Explorer Use-After-Free Vulnerability | Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object. CVE-2012-4792 | July 23, 2024 |
Microsoft Windows MSHTML Platform Spoofing Vulnerability | Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability. CVE-2024-38112 | July 9, 2024 |
Microsoft Windows Hyper-V Privilege Escalation Vulnerability | Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges. CVE-2024-38080 | July 9, 2024 |
Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability | Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges. CVE-2024-26169 | June 13, 2024 |
Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability | Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass. CVE-2024-30040 | May 14, 2024 |
Microsoft DWM Core Library Privilege Escalation Vulnerability | Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges. CVE-2024-30051 | May 14, 2024 |
Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability | Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a malicious file. CVE-2024-29988 | April 30, 2024 |
Microsoft Windows Print Spooler Privilege Escalation Vulnerability | Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions. CVE-2022-38028 | April 23, 2024 |
Microsoft SharePoint Server Code Injection Vulnerability | Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely. CVE-2023-24955 | March 26, 2024 |
Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability | Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation. CVE-2024-21338 | March 4, 2024 |
Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability | Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. CVE-2023-29360 | February 29, 2024 |
Microsoft Exchange Server Privilege Escalation Vulnerability | Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. CVE-2024-21410 | February 15, 2024 |
Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability | Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass. CVE-2024-21412 | February 13, 2024 |
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both. CVE-2024-21351 | February 13, 2024 |
Microsoft SharePoint Server Privilege Escalation Vulnerability | Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges. CVE-2023-29357 | January 10, 2024 |
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. CVE-2023-36584 | November 16, 2023 |
Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability | Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation. CVE-2023-36033 | November 14, 2023 |
Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability | Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges. CVE-2023-36036 | November 14, 2023 |
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts. CVE-2023-36025 | November 14, 2023 |
Microsoft WordPad Information Disclosure Vulnerability | Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure. CVE-2023-36563 | October 10, 2023 |
By the Year
In 2024 there have been 761 vulnerabilities in Microsoft with an average score of 7.5 out of ten. Last year Microsoft had 1464 security vulnerabilities published. Right now, Microsoft is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.24.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 761 | 7.51 |
2023 | 1464 | 7.27 |
2022 | 1297 | 7.44 |
2021 | 1111 | 7.45 |
2020 | 1207 | 7.26 |
2019 | 761 | 7.21 |
2018 | 580 | 6.89 |
It may take a day or so for new Microsoft vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Security Vulnerabilities
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2024-38103
5.9 - Medium
- July 25, 2024
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Privacy violation
An improper access control vulnerability in GroupMe
CVE-2024-38164
9.6 - Critical
- July 23, 2024
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
Authorization
An improper restriction of excessive authentication attempts in GroupMe
CVE-2024-38176
8.1 - High
- July 23, 2024
An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network.
Improper Restriction of Excessive Authentication Attempts
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-38156
6.1 - Medium
- July 19, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
XSS
Use after free in Screen Capture in Google Chrome prior to 126.0.6478.182
CVE-2024-6774
- July 16, 2024
Use after free in Screen Capture in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Use after free in Navigation in Google Chrome prior to 126.0.6478.182
CVE-2024-6777
- July 16, 2024
Use after free in Navigation in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Race in DevTools in Google Chrome prior to 126.0.6478.182
CVE-2024-6778
- July 16, 2024
Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)
Use after free in Audio in Google Chrome prior to 126.0.6478.182
CVE-2024-6776
- July 16, 2024
Use after free in Audio in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Use after free in Media Stream in Google Chrome prior to 126.0.6478.182
CVE-2024-6775
- July 16, 2024
Use after free in Media Stream in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182
CVE-2024-6772
- July 16, 2024
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182
CVE-2024-6773
- July 16, 2024
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182
CVE-2024-6779
- July 16, 2024
Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Windows Text Services Framework Elevation of Privilege Vulnerability
CVE-2024-21417
8.8 - High
- July 10, 2024
Windows Text Services Framework Elevation of Privilege Vulnerability
Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text
CVE-2024-39684
- July 09, 2024
Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege.
Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text
CVE-2024-38517
- July 09, 2024
Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.
Microsoft Windows Server Backup Elevation of Privilege Vulnerability
CVE-2024-38013
6.7 - Medium
- July 09, 2024
Microsoft Windows Server Backup Elevation of Privilege Vulnerability
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVE-2024-30061
7.3 - High
- July 09, 2024
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28899
8.8 - High
- July 09, 2024
Secure Boot Security Feature Bypass Vulnerability
Windows NTLM Spoofing Vulnerability
CVE-2024-30081
7.1 - High
- July 09, 2024
Windows NTLM Spoofing Vulnerability
Windows Cryptographic Services Security Feature Bypass Vulnerability
CVE-2024-30098
7.5 - High
- July 09, 2024
Windows Cryptographic Services Security Feature Bypass Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-35264
8.1 - High
- July 09, 2024
.NET and Visual Studio Remote Code Execution Vulnerability
Windows iSCSI Service Denial of Service Vulnerability
CVE-2024-35270
5.3 - Medium
- July 09, 2024
Windows iSCSI Service Denial of Service Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-38088
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-38087
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21332
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21333
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21335
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21373
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21398
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21414
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21415
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21428
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37318
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37332
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37331
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-37969
8 - High
- July 09, 2024
Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-37970
8 - High
- July 09, 2024
Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-37974
8 - High
- July 09, 2024
Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-37981
8 - High
- July 09, 2024
Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-37986
8 - High
- July 09, 2024
Secure Boot Security Feature Bypass Vulnerability
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-37987
8 - High
- July 09, 2024
Secure Boot Security Feature Bypass Vulnerability
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2024-38015
7.5 - High
- July 09, 2024
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
Windows Image Acquisition Elevation of Privilege Vulnerability
CVE-2024-38022
7 - High
- July 09, 2024
Windows Image Acquisition Elevation of Privilege Vulnerability
insecure temporary file
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-38023
7.2 - High
- July 09, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability
Marshaling, Unmarshaling
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-38024
7.2 - High
- July 09, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability
Marshaling, Unmarshaling
Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
CVE-2024-38025
7.2 - High
- July 09, 2024
Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
Memory Corruption
Windows Filtering Platform Elevation of Privilege Vulnerability
CVE-2024-38034
7.8 - High
- July 09, 2024
Windows Filtering Platform Elevation of Privilege Vulnerability
Windows Kernel Information Disclosure Vulnerability
CVE-2024-38041
5.5 - Medium
- July 09, 2024
Windows Kernel Information Disclosure Vulnerability
PowerShell Elevation of Privilege Vulnerability
CVE-2024-38043
7.8 - High
- July 09, 2024
PowerShell Elevation of Privilege Vulnerability
Windows Graphics Component Remote Code Execution Vulnerability
CVE-2024-38051
7.8 - High
- July 09, 2024
Windows Graphics Component Remote Code Execution Vulnerability
Memory Corruption
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
CVE-2024-38054
7.8 - High
- July 09, 2024
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
Memory Corruption
Microsoft Windows Codecs Library Information Disclosure Vulnerability
CVE-2024-38055
5.5 - Medium
- July 09, 2024
Microsoft Windows Codecs Library Information Disclosure Vulnerability
Microsoft Windows Codecs Library Information Disclosure Vulnerability
CVE-2024-38056
5.5 - Medium
- July 09, 2024
Microsoft Windows Codecs Library Information Disclosure Vulnerability
Win32k Elevation of Privilege Vulnerability
CVE-2024-38059
7.8 - High
- July 09, 2024
Win32k Elevation of Privilege Vulnerability
Windows Imaging Component Remote Code Execution Vulnerability
CVE-2024-38060
8.8 - High
- July 09, 2024
Windows Imaging Component Remote Code Execution Vulnerability
Memory Corruption
DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability
CVE-2024-38061
7.5 - High
- July 09, 2024
DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-38062
7.8 - High
- July 09, 2024
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Windows TCP/IP Information Disclosure Vulnerability
CVE-2024-38064
7.5 - High
- July 09, 2024
Windows TCP/IP Information Disclosure Vulnerability
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
CVE-2024-38071
7.5 - High
- July 09, 2024
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
CVE-2024-38072
7.5 - High
- July 09, 2024
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVE-2024-38077
9.8 - Critical
- July 09, 2024
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2024-38080
7.8 - High
- July 09, 2024
Windows Hyper-V Elevation of Privilege Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2024-38085
7.8 - High
- July 09, 2024
Windows Graphics Component Elevation of Privilege Vulnerability
Azure Kinect SDK Remote Code Execution Vulnerability
CVE-2024-38086
6.4 - Medium
- July 09, 2024
Azure Kinect SDK Remote Code Execution Vulnerability
Microsoft WS-Discovery Denial of Service Vulnerability
CVE-2024-38091
7.5 - High
- July 09, 2024
Microsoft WS-Discovery Denial of Service Vulnerability
Windows File Explorer Elevation of Privilege Vulnerability
CVE-2024-38100
7.8 - High
- July 09, 2024
Windows File Explorer Elevation of Privilege Vulnerability
Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
CVE-2024-38102
6.5 - Medium
- July 09, 2024
Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
Windows Fax Service Remote Code Execution Vulnerability
CVE-2024-38104
8.8 - High
- July 09, 2024
Windows Fax Service Remote Code Execution Vulnerability
Buffer Overflow
Windows MSHTML Platform Spoofing Vulnerability
CVE-2024-38112
7.5 - High
- July 09, 2024
Windows MSHTML Platform Spoofing Vulnerability
User Interface (UI) Misrepresentation of Critical Information
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-26184
6.8 - Medium
- July 09, 2024
Secure Boot Security Feature Bypass Vulnerability
Windows MultiPoint Services Remote Code Execution Vulnerability
CVE-2024-30013
8.8 - High
- July 09, 2024
Windows MultiPoint Services Remote Code Execution Vulnerability
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2024-32987
7.5 - High
- July 09, 2024
Microsoft SharePoint Server Information Disclosure Vulnerability
Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVE-2024-30071
4.7 - Medium
- July 09, 2024
Windows Remote Access Connection Manager Information Disclosure Vulnerability
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2024-30079
7.8 - High
- July 09, 2024
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2024-30105
7.5 - High
- July 09, 2024
.NET Core and Visual Studio Denial of Service Vulnerability
Azure Network Watcher VM Extension Elevation of Privilege Vulnerability
CVE-2024-35261
7.8 - High
- July 09, 2024
Azure Network Watcher VM Extension Elevation of Privilege Vulnerability
Azure DevOps Server Spoofing Vulnerability
CVE-2024-35266
7.6 - High
- July 09, 2024
Azure DevOps Server Spoofing Vulnerability
Azure DevOps Server Spoofing Vulnerability
CVE-2024-35267
7.6 - High
- July 09, 2024
Azure DevOps Server Spoofing Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-35271
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-35272
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-20701
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21303
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21308
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability
CVE-2024-38048
6.5 - Medium
- July 09, 2024
Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability
Out-of-bounds Read
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-38065
6.8 - Medium
- July 09, 2024
Secure Boot Security Feature Bypass Vulnerability
Memory Corruption
BitLocker Security Feature Bypass Vulnerability
CVE-2024-38058
6.8 - Medium
- July 09, 2024
BitLocker Security Feature Bypass Vulnerability
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
CVE-2024-38057
7.8 - High
- July 09, 2024
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
CVE-2024-38053
8.8 - High
- July 09, 2024
Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
Dangling pointer
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
CVE-2024-38052
7.8 - High
- July 09, 2024
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
Windows Workstation Service Elevation of Privilege Vulnerability
CVE-2024-38050
7.8 - High
- July 09, 2024
Windows Workstation Service Elevation of Privilege Vulnerability
Integer underflow
Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability
CVE-2024-38049
8.1 - High
- July 09, 2024
Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability
Externally Controlled Reference to a Resource in Another Sphere
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21317
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Microsoft Xbox Remote Code Execution Vulnerability
CVE-2024-38032
7.1 - High
- July 09, 2024
Microsoft Xbox Remote Code Execution Vulnerability
Memory Corruption
Windows Line Printer Daemon Service Denial of Service Vulnerability
CVE-2024-38027
6.5 - Medium
- July 09, 2024
Windows Line Printer Daemon Service Denial of Service Vulnerability
Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
CVE-2024-38028
7.2 - High
- July 09, 2024
Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
Out-of-bounds Read
Windows Themes Spoofing Vulnerability
CVE-2024-38030
6.5 - Medium
- July 09, 2024
Windows Themes Spoofing Vulnerability
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
CVE-2024-38031
7.5 - High
- July 09, 2024
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
DHCP Server Service Remote Code Execution Vulnerability
CVE-2024-38044
7.2 - High
- July 09, 2024
DHCP Server Service Remote Code Execution Vulnerability
Incorrect Conversion between Numeric Types
PowerShell Elevation of Privilege Vulnerability
CVE-2024-38047
7.8 - High
- July 09, 2024
PowerShell Elevation of Privilege Vulnerability