Microsoft Microsoft Makers of the Windows Operating System and hundreds of products that run on it.

  1. Vendors
  2. Microsoft
Do you want an email whenever new security vulnerabilities are reported in any Microsoft product?

Products by Microsoft Sorted by Most Security Vulnerabilities since 2018

Microsoft Windows 102402 vulnerabilities

Microsoft Windows Server 20162393 vulnerabilities

Microsoft Windows Server 20192126 vulnerabilities

Microsoft Windows Server 20121581 vulnerabilities

Microsoft Windows 8.11502 vulnerabilities

Microsoft Windows Server 20081397 vulnerabilities

Microsoft Windows Rt 8 11392 vulnerabilities

Microsoft Windows 71370 vulnerabilities

Microsoft Windows 11461 vulnerabilities

Microsoft Internet Explorer (IE)409 vulnerabilities
Popular web browser for windows

Microsoft Windows Server 2022394 vulnerabilities

Microsoft Office293 vulnerabilities

Microsoft Windows Server282 vulnerabilities

Microsoft Sharepoint Server240 vulnerabilities

Microsoft Sharepoint Enterprise Server219 vulnerabilities

Microsoft ChakraCore184 vulnerabilities
ChakraCore is the core part of the Chakra JavaScript engine that powers Microsoft Edge

Microsoft Sharepoint Foundation165 vulnerabilities

Microsoft Ie146 vulnerabilities

Microsoft 365 Apps116 vulnerabilities

Microsoft Excel103 vulnerabilities
Spreadsheet Software

Microsoft Exchange Server90 vulnerabilities

Microsoft Office Online Server84 vulnerabilities

Microsoft Office 365 Proplus83 vulnerabilities

Microsoft Edge Chromium78 vulnerabilities

Microsoft Visual Studio 201972 vulnerabilities

Microsoft Visual Studio 201762 vulnerabilities

Microsoft Word59 vulnerabilities

Microsoft Edge Browser52 vulnerabilities
Web Browser based on Chromium

Microsoft Office Web Apps50 vulnerabilities

Microsoft Azure Site Recovery Vmware To Azure46 vulnerabilities

Microsoft Windows Nt43 vulnerabilities

Microsoft Outlook41 vulnerabilities

Microsoft Office Compatibility Pack39 vulnerabilities

Microsoft Visual Studio Code37 vulnerabilities

Microsoft Azure Site Recovery36 vulnerabilities

Microsoft Dynamics 36536 vulnerabilities

Microsoft Office Web Apps Server32 vulnerabilities

Microsoft Windows XP32 vulnerabilities

Microsoft Windows 200032 vulnerabilities

Microsoft .NET Core31 vulnerabilities

Microsoft Hevc Video Extensions31 vulnerabilities

Microsoft Visual Studio28 vulnerabilities
Developer IDE

Microsoft Azure Devops Server27 vulnerabilities

Microsoft Azure Sphere27 vulnerabilities

Microsoft ASP.NET Core24 vulnerabilities

Microsoft Team Foundation Server23 vulnerabilities

Microsoft Office Long Term Servicing Channel22 vulnerabilities

Microsoft Windows Vista21 vulnerabilities

Microsoft Powershell Core18 vulnerabilities

Microsoft Net18 vulnerabilities

Microsoft Windows Server 200317 vulnerabilities

Microsoft Windows 2003 Server17 vulnerabilities

Microsoft Excel Viewer17 vulnerabilities

Microsoft Project Server16 vulnerabilities

Microsoft Visual Studio 202216 vulnerabilities

Microsoft Defender For Iot12 vulnerabilities

Microsoft Azure Real Time Operating System Guix Studio11 vulnerabilities

Microsoft Internet Information Server11 vulnerabilities

Microsoft High Efficiency Video Coding10 vulnerabilities

Microsoft Raw Image Extension10 vulnerabilities

Microsoft SQL Server9 vulnerabilities
Database Server

Microsoft Windows 989 vulnerabilities

Microsoft Onedrive9 vulnerabilities

Microsoft Security Essentials9 vulnerabilities

Microsoft Remote Desktop8 vulnerabilities

Microsoft Internet Information Services8 vulnerabilities

Microsoft Skype For Business8 vulnerabilities

Microsoft Lync Server8 vulnerabilities

Microsoft System Center Operations Manager8 vulnerabilities

Microsoft Powerpoint8 vulnerabilities

Microsoft 3d Viewer7 vulnerabilities

Microsoft Skype For Business Server7 vulnerabilities

Microsoft Office Word Viewer7 vulnerabilities

Microsoft Office For Mac7 vulnerabilities

Microsoft Outlook Express7 vulnerabilities

Microsoft Malware Protection Engine7 vulnerabilities

Microsoft Lync7 vulnerabilities

Microsoft Windows Defender For Iot7 vulnerabilities

Microsoft Office 3657 vulnerabilities

Microsoft Windows 957 vulnerabilities

Microsoft Powershell7 vulnerabilities

Microsoft Dynamics 365 Business Central7 vulnerabilities

Microsoft Dynamics Nav7 vulnerabilities

Microsoft Excel 2013 Rt7 vulnerabilities

Microsoft Windows 87 vulnerabilities

Microsoft Forefront Endpoint Protection 20107 vulnerabilities

Microsoft System Center Endpoint Protection6 vulnerabilities

Microsoft Vp9 Video Extensions6 vulnerabilities

Microsoft Powerpoint Viewer6 vulnerabilities

Microsoft Windows Me5 vulnerabilities

Microsoft Azure Automation State Configuration5 vulnerabilities

Microsoft Azure Automation Update Management5 vulnerabilities

Microsoft Teams5 vulnerabilities

Microsoft Azure Real Time Operating System5 vulnerabilities

Microsoft Azure Security Center5 vulnerabilities

Microsoft Azure Sentinel5 vulnerabilities

Microsoft Sql Server Management Studio5 vulnerabilities

Microsoft Azure Stack Hub5 vulnerabilities

Microsoft Dynamics Gp5 vulnerabilities

Microsoft Windows5 vulnerabilities

Recent Microsoft Security Advisories

Advisory Title Published
CVE-2022-41040 Microsoft Exchange Server Elevation of Privilege Vulnerability September 30, 2022
CVE-2022-41082 Microsoft Exchange Server Remote Code Execution Vulnerability September 30, 2022
CVE-2022-37972 Microsoft Endpoint Configuration Manager Spoofing Vulnerability September 20, 2022
CVE-2022-3200 Chromium: CVE-2022-3200 Heap buffer overflow in Internals September 15, 2022
CVE-2022-3199 Chromium: CVE-2022-3199 Use after free in Frames September 15, 2022
CVE-2022-3198 Chromium: CVE-2022-3198 Use after free in PDF September 15, 2022
CVE-2022-3197 Chromium: CVE-2022-3197 Use after free in PDF September 15, 2022
CVE-2022-3196 Chromium: CVE-2022-3196 Use after free in PDF September 15, 2022
CVE-2022-3195 Chromium: CVE-2022-3195 Out of bounds write in Storage September 15, 2022
CVE-2022-30170 Windows Credential Roaming Service Elevation of Privilege Vulnerability September 13, 2022

@msftsecurity Tweets

For Cybersecurity Awareness Month, explore a #passwordless future. #BeCyberSmart https://t.co/ospfXUJZ2Q
Mon Oct 03 22:57:11 +0000 2022

What role do physical devices play in modern security? Endpoints are devices that exchange information when connec… https://t.co/waxJbsJaEP
Mon Oct 03 18:30:01 +0000 2022

RT @thecyberwire: Iranian dissidents, C2C markets, #cyberespionage, Novel #malware, Witchetty group & Russian troops exposed. Deepen Desai…
Fri Sep 30 19:30:00 +0000 2022

What are some of your favorite podcasts? We'll go first.��️ Uncovering Hidden Risks: https://t.co/BAXVIZgtfe Drop… https://t.co/HF5BMFBHoP
Fri Sep 30 17:00:07 +0000 2022

RT @MsftSecIntel: Microsoft has detected social engineering campaigns targeting employees of orgs across industries in the US, UK, India, R…
Thu Sep 29 23:00:00 +0000 2022

By the Year

In 2022 there have been 1006 vulnerabilities in Microsoft with an average score of 7.4 out of ten. Last year Microsoft had 1108 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Microsoft in 2022 could surpass last years number. Last year, the average CVE base score was greater by 0.14

Year Vulnerabilities Average Score
2022 1006 7.41
2021 1108 7.54
2020 1191 7.36
2019 759 7.23
2018 577 6.88

It may take a day or so for new Microsoft vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Security Vulnerabilities

Microsoft Exchange Server Remote Code Execution Vulnerability.

CVE-2022-41082 8.8 - High - October 03, 2022

Microsoft Exchange Server Remote Code Execution Vulnerability.

Microsoft Exchange Server Elevation of Privilege Vulnerability.

CVE-2022-41040 8.8 - High - October 03, 2022

Microsoft Exchange Server Elevation of Privilege Vulnerability.

Improper Privilege Management

Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125

CVE-2022-3200 8.8 - High - September 26, 2022

Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Use after free in Frames in Google Chrome prior to 105.0.5195.125

CVE-2022-3199 8.8 - High - September 26, 2022

Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in PDF in Google Chrome prior to 105.0.5195.125

CVE-2022-3198 8.8 - High - September 26, 2022

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Dangling pointer

Use after free in PDF in Google Chrome prior to 105.0.5195.125

CVE-2022-3197 8.8 - High - September 26, 2022

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Dangling pointer

Use after free in PDF in Google Chrome prior to 105.0.5195.125

CVE-2022-3196 8.8 - High - September 26, 2022

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Dangling pointer

Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125

CVE-2022-3195 8.8 - High - September 26, 2022

Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Memory Corruption

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101

CVE-2022-2856 6.5 - Medium - September 26, 2022

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.

Improper Input Validation

Use after free in FedCM in Google Chrome prior to 104.0.5112.101

CVE-2022-2852 8.8 - High - September 26, 2022

Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101

CVE-2022-2853 8.8 - High - September 26, 2022

Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101

CVE-2022-2854 8.8 - High - September 26, 2022

Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in ANGLE in Google Chrome prior to 104.0.5112.101

CVE-2022-2855 8.8 - High - September 26, 2022

Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Blink in Google Chrome prior to 104.0.5112.101

CVE-2022-2857 8.8 - High - September 26, 2022

Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101

CVE-2022-2858 8.8 - High - September 26, 2022

Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction.

Dangling pointer

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101

CVE-2022-2860 6.5 - Medium - September 26, 2022

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101

CVE-2022-2861 6.5 - Medium - September 26, 2022

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page.

AuthZ

Use after free in Network Service in Google Chrome prior to 105.0.5195.52

CVE-2022-3038 8.8 - High - September 26, 2022

Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52

CVE-2022-3039 8.8 - High - September 26, 2022

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Layout in Google Chrome prior to 105.0.5195.52

CVE-2022-3040 8.8 - High - September 26, 2022

Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52

CVE-2022-3041 8.8 - High - September 26, 2022

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52

CVE-2022-3044 6.5 - Medium - September 26, 2022

Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

AuthZ

Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52

CVE-2022-3045 8.8 - High - September 26, 2022

Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

AuthZ

Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52

CVE-2022-3046 8.8 - High - September 26, 2022

Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52

CVE-2022-3047 6.5 - Medium - September 26, 2022

Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.

AuthZ

Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52

CVE-2022-3053 4.3 - Medium - September 26, 2022

Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page.

Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52

CVE-2022-3054 6.5 - Medium - September 26, 2022

Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in Passwords in Google Chrome prior to 105.0.5195.52

CVE-2022-3055 8.8 - High - September 26, 2022

Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52

CVE-2022-3056 6.5 - Medium - September 26, 2022

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page.

AuthZ

Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52

CVE-2022-3057 6.5 - Medium - September 26, 2022

Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

AuthZ

Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52

CVE-2022-3058 8.8 - High - September 26, 2022

Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.

Dangling pointer

Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102

CVE-2022-3075 9.6 - Critical - September 26, 2022

Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Improper Input Validation

A vulnerability was found in networkd-dispatcher

CVE-2022-29799 5.5 - Medium - September 21, 2022

A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the /etc/networkd-dispatcher base directory.

Directory traversal

A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher

CVE-2022-29800 4.7 - Medium - September 21, 2022

A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.

TOCTTOU

Microsoft Endpoint Configuration Manager Spoofing Vulnerability.

CVE-2022-37972 7.5 - High - September 20, 2022

Microsoft Endpoint Configuration Manager Spoofing Vulnerability.

.NET Core and Visual Studio Denial of Service Vulnerability.

CVE-2022-38013 7.5 - High - September 13, 2022

.NET Core and Visual Studio Denial of Service Vulnerability.

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.

CVE-2022-38012 7.7 - High - September 13, 2022

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.

Windows Photo Import API Elevation of Privilege Vulnerability.

CVE-2022-26928 7 - High - September 13, 2022

Windows Photo Import API Elevation of Privilege Vulnerability.

Race Condition

.NET Framework Remote Code Execution Vulnerability.

CVE-2022-26929 7.8 - High - September 13, 2022

.NET Framework Remote Code Execution Vulnerability.

Windows Credential Roaming Service Elevation of Privilege Vulnerability.

CVE-2022-30170 7.3 - High - September 13, 2022

Windows Credential Roaming Service Elevation of Privilege Vulnerability.

Windows Secure Channel Denial of Service Vulnerability

CVE-2022-30196 8.2 - High - September 13, 2022

Windows Secure Channel Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-35833.

Windows Kerberos Elevation of Privilege Vulnerability

CVE-2022-33679 8.1 - High - September 13, 2022

Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33647.

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2022-35803 7.8 - High - September 13, 2022

Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37969.

Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability

CVE-2022-35805 8.8 - High - September 13, 2022

Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34700.

Microsoft SharePoint Remote Code Execution Vulnerability.

CVE-2022-35823 8.8 - High - September 13, 2022

Microsoft SharePoint Remote Code Execution Vulnerability.

Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability.

CVE-2022-35828 7.8 - High - September 13, 2022

Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability.

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2022-38008 8.8 - High - September 13, 2022

Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37961, CVE-2022-38009.

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2022-38009 8.8 - High - September 13, 2022

Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37961, CVE-2022-38008.

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2022-37961 8.8 - High - September 13, 2022

Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38008, CVE-2022-38009.

Windows Kernel Elevation of Privilege Vulnerability

CVE-2022-37964 7.8 - High - September 13, 2022

Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37956, CVE-2022-37957.

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability.

CVE-2022-30200 7.8 - High - September 13, 2022

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability.

Windows Kerberos Elevation of Privilege Vulnerability

CVE-2022-33647 8.1 - High - September 13, 2022

Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33679.

Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability

CVE-2022-34700 8.8 - High - September 13, 2022

Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35805.

SQL Injection

Remote Procedure Call Runtime Remote Code Execution Vulnerability.

CVE-2022-35830 8.1 - High - September 13, 2022

Remote Procedure Call Runtime Remote Code Execution Vulnerability.

Windows Remote Access Connection Manager Information Disclosure Vulnerability.

CVE-2022-35831 5.5 - Medium - September 13, 2022

Windows Remote Access Connection Manager Information Disclosure Vulnerability.

Out-of-bounds Read

Windows Secure Channel Denial of Service Vulnerability

CVE-2022-35833 7.5 - High - September 13, 2022

Windows Secure Channel Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-30196.

Resource Exhaustion

Visual Studio Code Elevation of Privilege Vulnerability.

CVE-2022-38020 7.3 - High - September 13, 2022

Visual Studio Code Elevation of Privilege Vulnerability.

AV1 Video Extension Remote Code Execution Vulnerability.

CVE-2022-38019 7.8 - High - September 13, 2022

AV1 Video Extension Remote Code Execution Vulnerability.

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2022-37969 7.8 - High - September 13, 2022

Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35803.

Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2022-37963 7.8 - High - September 13, 2022

Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-38010.

Raw Image Extension Remote Code Execution Vulnerability.

CVE-2022-38011 7.3 - High - September 13, 2022

Raw Image Extension Remote Code Execution Vulnerability.

Microsoft PowerPoint Remote Code Execution Vulnerability.

CVE-2022-37962 7.8 - High - September 13, 2022

Microsoft PowerPoint Remote Code Execution Vulnerability.

Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2022-38010 7.8 - High - September 13, 2022

Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37963.

Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability.

CVE-2022-38007 7.8 - High - September 13, 2022

Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability.

Improper Privilege Management

Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability.

CVE-2022-37959 6.5 - Medium - September 13, 2022

Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability.

Windows Graphics Component Information Disclosure Vulnerability

CVE-2022-38006 6.5 - Medium - September 13, 2022

Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34728, CVE-2022-35837.

Exposure of Resource to Wrong Sphere

SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability.

CVE-2022-37958 7.5 - High - September 13, 2022

SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability.

Exposure of Resource to Wrong Sphere

Windows Print Spooler Elevation of Privilege Vulnerability.

CVE-2022-38005 7.8 - High - September 13, 2022

Windows Print Spooler Elevation of Privilege Vulnerability.

Windows Kernel Elevation of Privilege Vulnerability

CVE-2022-37957 7.8 - High - September 13, 2022

Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37956, CVE-2022-37964.

Windows Fax Service Remote Code Execution Vulnerability.

CVE-2022-38004 7.8 - High - September 13, 2022

Windows Fax Service Remote Code Execution Vulnerability.

Windows Kernel Elevation of Privilege Vulnerability

CVE-2022-37956 7.8 - High - September 13, 2022

Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-37957, CVE-2022-37964.

Windows Group Policy Elevation of Privilege Vulnerability.

CVE-2022-37955 7.8 - High - September 13, 2022

Windows Group Policy Elevation of Privilege Vulnerability.

DirectX Graphics Kernel Elevation of Privilege Vulnerability.

CVE-2022-37954 7.8 - High - September 13, 2022

DirectX Graphics Kernel Elevation of Privilege Vulnerability.

Improper Privilege Management

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE-2022-34734 7.8 - High - September 13, 2022

Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34726, CVE-2022-34727, CVE-2022-34730, CVE-2022-34732.

Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability

CVE-2022-34733 8.8 - High - September 13, 2022

Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836, CVE-2022-35840.

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE-2022-34732 7.8 - High - September 13, 2022

Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34726, CVE-2022-34727, CVE-2022-34730, CVE-2022-34734.

Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability

CVE-2022-34731 8.8 - High - September 13, 2022

Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836, CVE-2022-35840.

Windows GDI Elevation of Privilege Vulnerability.

CVE-2022-34729 7.8 - High - September 13, 2022

Windows GDI Elevation of Privilege Vulnerability.

Windows Event Tracing Denial of Service Vulnerability.

CVE-2022-35832 5.5 - Medium - September 13, 2022

Windows Event Tracing Denial of Service Vulnerability.

Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability

CVE-2022-35834 8.8 - High - September 13, 2022

Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35835, CVE-2022-35836, CVE-2022-35840.

Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability

CVE-2022-35835 8.8 - High - September 13, 2022

Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35836, CVE-2022-35840.

Code Injection

Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability

CVE-2022-35836 8.8 - High - September 13, 2022

Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35840.

Code Injection

Windows Graphics Component Information Disclosure Vulnerability

CVE-2022-35837 5.5 - Medium - September 13, 2022

Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34728, CVE-2022-38006.

Exposure of Resource to Wrong Sphere

HTTP V3 Denial of Service Vulnerability.

CVE-2022-35838 7.5 - High - September 13, 2022

HTTP V3 Denial of Service Vulnerability.

Resource Exhaustion

Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability

CVE-2022-35840 8.8 - High - September 13, 2022

Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34731, CVE-2022-34733, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836.

Windows Enterprise App Management Service Remote Code Execution Vulnerability.

CVE-2022-35841 8.8 - High - September 13, 2022

Windows Enterprise App Management Service Remote Code Execution Vulnerability.

Improper Privilege Management

Windows TCP/IP Remote Code Execution Vulnerability.

CVE-2022-34718 9.8 - Critical - September 13, 2022

Windows TCP/IP Remote Code Execution Vulnerability.

Windows Distributed File System (DFS) Elevation of Privilege Vulnerability.

CVE-2022-34719 7.8 - High - September 13, 2022

Windows Distributed File System (DFS) Elevation of Privilege Vulnerability.

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

CVE-2022-34721 9.8 - Critical - September 13, 2022

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34722.

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE-2022-34730 7.8 - High - September 13, 2022

Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34726, CVE-2022-34727, CVE-2022-34732, CVE-2022-34734.

Windows Graphics Component Information Disclosure Vulnerability

CVE-2022-34728 5.5 - Medium - September 13, 2022

Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-35837, CVE-2022-38006.

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE-2022-34727 8.8 - High - September 13, 2022

Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34726, CVE-2022-34730, CVE-2022-34732, CVE-2022-34734.

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE-2022-34726 8.8 - High - September 13, 2022

Microsoft ODBC Driver Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34727, CVE-2022-34730, CVE-2022-34732, CVE-2022-34734.

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability.

CVE-2022-34720 7.5 - High - September 13, 2022

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability.

Windows DNS Server Denial of Service Vulnerability.

CVE-2022-34724 7.5 - High - September 13, 2022

Windows DNS Server Denial of Service Vulnerability.

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

CVE-2022-34722 9.8 - Critical - September 13, 2022

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34721.

Windows ALPC Elevation of Privilege Vulnerability.

CVE-2022-34725 7 - High - September 13, 2022

Windows ALPC Elevation of Privilege Vulnerability.

Race Condition

Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability.

CVE-2022-34723 5.5 - Medium - September 13, 2022

Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability.

A flaw was found in Eurosoft bootloaders before 2022-06-01

CVE-2022-34303 6.7 - Medium - August 26, 2022

A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.

A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01

CVE-2022-34301 6.7 - Medium - August 26, 2022

A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.