Microsoft

Makers of the Windows Operating System and hundreds of products that run on it.

Products by Microsoft Sorted by Most Security Vulnerabilities since 2018

Microsoft Windows Server 2016: 2731 vulnerabilities
Microsoft Windows 10: 2582 vulnerabilities
Microsoft Windows Server 2019: 2476 vulnerabilities
Microsoft Windows Server 2012: 1894 vulnerabilities
Microsoft Windows 8.1: 1651 vulnerabilities
Microsoft Windows Server 2008: 1648 vulnerabilities
Microsoft Windows Rt 8 1: 1521 vulnerabilities
Microsoft Windows 7: 1506 vulnerabilities
Microsoft Windows Server 2022: 764 vulnerabilities
Microsoft Windows 11: 603 vulnerabilities
Microsoft Internet Explorer (IE): 412 vulnerabilities (Popular web browser for Windows)
Microsoft Office: 342 vulnerabilities
Microsoft Windows Server: 282 vulnerabilities
Microsoft Sharepoint Server: 261 vulnerabilities
Microsoft Windows 11 21h2: 218 vulnerabilities
Microsoft Windows 10 20h2: 217 vulnerabilities
Microsoft Windows 10 21h2: 216 vulnerabilities
Microsoft Windows 11 22h2: 216 vulnerabilities
Microsoft Windows 10 22h2: 215 vulnerabilities
Microsoft Windows 10 1809: 214 vulnerabilities
Microsoft Windows 10 1607: 202 vulnerabilities
Microsoft ChakraCore: 184 vulnerabilities (ChakraCore is the core part of the Chakra JavaScript engine that powers Microsoft Edge)
Microsoft Sharepoint Foundation: 179 vulnerabilities
Microsoft 365 Apps: 158 vulnerabilities
Microsoft Ie: 146 vulnerabilities
Microsoft Windows 10 1507: 111 vulnerabilities
Microsoft Excel: 109 vulnerabilities (Spreadsheet Software)
Microsoft Exchange Server: 103 vulnerabilities
Microsoft Edge Chromium: 96 vulnerabilities
Microsoft Office Online Server: 93 vulnerabilities
Microsoft Visual Studio 2019: 85 vulnerabilities
Microsoft Office 365 Proplus: 84 vulnerabilities
Microsoft Visual Studio 2017: 72 vulnerabilities
Microsoft Word: 64 vulnerabilities
Microsoft Edge Browser: 57 vulnerabilities (Web Browser based on Chromium)
Microsoft Office Web Apps: 51 vulnerabilities
Microsoft Dynamics 365: 50 vulnerabilities
Microsoft Visual Studio Code: 43 vulnerabilities
Microsoft Windows Nt: 43 vulnerabilities
Microsoft Outlook: 43 vulnerabilities
Microsoft Azure Site Recovery: 36 vulnerabilities
Microsoft .NET Core: 32 vulnerabilities
Microsoft Windows XP: 32 vulnerabilities
Microsoft Windows 2000: 32 vulnerabilities
Microsoft Azure Devops Server: 29 vulnerabilities
Microsoft Visual Studio 2022: 28 vulnerabilities
Microsoft Visual Studio: 28 vulnerabilities (Developer IDE)
Microsoft Azure Sphere: 27 vulnerabilities
Microsoft ASP.NET Core: 24 vulnerabilities
Microsoft Windows Vista: 23 vulnerabilities
Microsoft Net: 22 vulnerabilities
Microsoft Powershell Core: 18 vulnerabilities
Microsoft Windows 2003 Server: 17 vulnerabilities
Microsoft Excel Viewer: 17 vulnerabilities
Microsoft Windows Server 2003: 17 vulnerabilities
Microsoft 3d Builder: 16 vulnerabilities
Microsoft Project Server: 16 vulnerabilities
Microsoft SQL Server: 15 vulnerabilities (Database Server)
Microsoft Onedrive: 13 vulnerabilities
Microsoft Defender For Iot: 13 vulnerabilities
Microsoft Powershell: 12 vulnerabilities
Microsoft Remote Desktop: 12 vulnerabilities
Microsoft Office Word Viewer: 10 vulnerabilities
Microsoft Skype For Business: 10 vulnerabilities
Microsoft Raw Image Extension: 10 vulnerabilities
Microsoft Windows 98: 9 vulnerabilities
Microsoft Lync: 9 vulnerabilities
Microsoft Dynamics Nav: 9 vulnerabilities
Microsoft Lync Server: 8 vulnerabilities
Microsoft Powerpoint: 8 vulnerabilities
Microsoft Visio: 8 vulnerabilities
Microsoft 3d Viewer: 7 vulnerabilities
Microsoft Excel 2013 Rt: 7 vulnerabilities
Microsoft Office 365: 7 vulnerabilities
Microsoft Windows 95: 7 vulnerabilities
Microsoft Office For Mac: 7 vulnerabilities
Microsoft Outlook Express: 7 vulnerabilities
Microsoft Windows 8: 7 vulnerabilities
Microsoft Windows: 6 vulnerabilities

Recent Microsoft Security Advisories

Advisory | Title | Published
CVE-2023-32024 | Microsoft Power Apps Spoofing Vulnerability | June 13, 2023
CVE-2023-2929 | Chromium: CVE-2023-2929 Out of bounds write in Swiftshader | June 2, 2023
CVE-2023-2941 | Chromium: CVE-2023-2941 Inappropriate implementation in Extensions API | June 2, 2023
CVE-2023-2933 | Chromium: CVE-2023-2933 Use after free in PDF | June 2, 2023
CVE-2023-2934 | Chromium: CVE-2023-2934 Out of bounds memory access in Mojo | June 2, 2023
CVE-2023-2935 | Chromium: CVE-2023-2935 Type Confusion in V8 | June 2, 2023
CVE-2023-29345 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | June 2, 2023
CVE-2023-2932 | Chromium: CVE-2023-2932 Use after free in PDF | June 2, 2023
CVE-2023-33143 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | June 2, 2023
CVE-2023-2931 | Chromium: CVE-2023-2931 Use after free in PDF | June 2, 2023

Known Exploited Microsoft Vulnerabilities

The following Microsoft vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title | Description | CVE | Added
Microsoft Win32K Privilege Escalation Vulnerability | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges. | CVE-2023-29336 | May 9, 2023
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. | CVE-2023-28252 | April 11, 2023
Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability | Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context. | CVE-2019-1388 | April 7, 2023
Microsoft Internet Explorer Memory Corruption Vulnerability | Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website. | CVE-2013-3163 | March 30, 2023
Microsoft Office Outlook Privilege Escalation Vulnerability | Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user. | CVE-2023-23397 | March 14, 2023
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file. | CVE-2023-24880 | March 14, 2023
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability which allows for privilege escalation. | CVE-2023-23376 | February 14, 2023
Microsoft Windows Graphic Component Privilege Escalation Vulnerability | Microsoft Windows Graphic Component contains an unspecified vulnerability which allows for privilege escalation. | CVE-2023-21823 | February 14, 2023
Microsoft Office Security Feature Bypass Vulnerability | Microsoft Office contains a security feature bypass vulnerability which allows for a local, authenticated attack on a targeted system. | CVE-2023-21715 | February 14, 2023
Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability | Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation. | CVE-2023-21674 | January 10, 2023
Microsoft Exchange Server Privilege Escalation Vulnerability | Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution. | CVE-2022-41080 | January 10, 2023
Microsoft Defender SmartScreen Security Feature Bypass Vulnerability | Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file. | CVE-2022-44698 | December 13, 2022
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. | CVE-2022-41049 | November 14, 2022
Microsoft Windows Scripting Languages Remote Code Execution Vulnerability | Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution. | CVE-2022-41128 | November 8, 2022
Microsoft Windows Print Spooler Privilege Escalation Vulnerability | Microsoft Windows Print Spooler contains an unspecified vulnerability which allows an attacker to gain SYSTEM-level privileges. | CVE-2022-41073 | November 8, 2022
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability | Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability which allows an attacker to gain SYSTEM-level privileges. | CVE-2022-41125 | November 8, 2022
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. | CVE-2022-41091 | November 8, 2022
Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability | Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation. | CVE-2022-41033 | October 11, 2022
Microsoft Exchange Server Remote Code Execution Vulnerability | Microsoft Exchange Server contains an unspecified vulnerability which allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution. | CVE-2022-41082 | September 30, 2022
Microsoft Exchange Server Server-Side Request Forgery Vulnerability | Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution. | CVE-2022-41040 | September 30, 2022

By the Year

In 2023 there have been 625 vulnerabilities in Microsoft with an average score of 7.3 out of ten. Last year Microsoft had 1284 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in Microsoft in 2023 could surpass last year's number. Last year, the average CVE base score was greater by 0.17.

Year | Vulnerabilities | Average Score
2023 | 625 | 7.27
2022 | 1284 | 7.44
2021 | 1108 | 7.55
2020 | 1192 | 7.35
2019 | 759 | 7.23
2018 | 578 | 6.88

It may take a day or so for new Microsoft vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Security Vulnerabilities

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2023-33143 7.5 - High - June 03, 2023

Microsoft Outlook Denial of Service Vulnerability

CVE-2022-35742 7.5 - High - June 01, 2023

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

CVE-2022-35743 7.8 - High - May 31, 2023

Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability

CVE-2022-35744 9.8 - Critical - May 31, 2023

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVE-2022-35745 8.1 - High - May 31, 2023

Windows Digital Media Receiver Elevation of Privilege Vulnerability

CVE-2022-35746 7.8 - High - May 31, 2023

Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability

CVE-2022-35747 5.9 - Medium - May 31, 2023

HTTP.sys Denial of Service Vulnerability

CVE-2022-35748 7.5 - High - May 31, 2023

Windows Digital Media Receiver Elevation of Privilege Vulnerability

CVE-2022-35749 7.8 - High - May 31, 2023

Win32k Elevation of Privilege Vulnerability

CVE-2022-35750 7.8 - High - May 31, 2023

Windows Hyper-V Elevation of Privilege Vulnerability

CVE-2022-35751 7.8 - High - May 31, 2023

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVE-2022-35752 8.1 - High - May 31, 2023

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVE-2022-35753 8.1 - High - May 31, 2023

Unified Write Filter Elevation of Privilege Vulnerability

CVE-2022-35754 6.7 - Medium - May 31, 2023

Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2022-35755 7.3 - High - May 31, 2023

Windows Kerberos Elevation of Privilege Vulnerability

CVE-2022-35756 7.8 - High - May 31, 2023

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVE-2022-35757 7.3 - High - May 31, 2023

Windows Kernel Memory Information Disclosure Vulnerability

CVE-2022-35758 5.5 - Medium - May 31, 2023

Windows Local Security Authority (LSA) Denial of Service Vulnerability

CVE-2022-35759 6.5 - Medium - May 31, 2023

Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90

CVE-2023-2941 4.3 - Medium - May 30, 2023

Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)

Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90

CVE-2023-2929 8.8 - High - May 30, 2023

Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Use after free in Extensions in Google Chrome prior to 114.0.5735.90

CVE-2023-2930 8.8 - High - May 30, 2023

Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in PDF in Google Chrome prior to 114.0.5735.90

CVE-2023-2931 8.8 - High - May 30, 2023

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Dangling pointer

Use after free in PDF in Google Chrome prior to 114.0.5735.90

CVE-2023-2932 8.8 - High - May 30, 2023

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Dangling pointer

Use after free in PDF in Google Chrome prior to 114.0.5735.90

CVE-2023-2933 8.8 - High - May 30, 2023

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Dangling pointer

Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90

CVE-2023-2934 8.8 - High - May 30, 2023

Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90

CVE-2023-2935 8.8 - High - May 30, 2023

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90

CVE-2023-2936 8.8 - High - May 30, 2023

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90

CVE-2023-2937 4.3 - Medium - May 30, 2023

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90

CVE-2023-2938 4.3 - Medium - May 30, 2023

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90

CVE-2023-2939 7.8 - High - May 30, 2023

Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)

Insecure Temporary File

Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90

CVE-2023-2940 6.5 - Medium - May 30, 2023

Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

Azure Arc Jumpstart Information Disclosure Vulnerability

CVE-2022-35798 3.3 - Low - May 18, 2023

Use after free in Navigation in Google Chrome prior to 113.0.5672.126

CVE-2023-2721 8.8 - High - May 16, 2023

Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Dangling pointer

Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126

CVE-2023-2722 8.8 - High - May 16, 2023

Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in DevTools in Google Chrome prior to 113.0.5672.126

CVE-2023-2723 8.8 - High - May 16, 2023

Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Type confusion in V8 in Google Chrome prior to 113.0.5672.126

CVE-2023-2724 8.8 - High - May 16, 2023

Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Use after free in Guest View in Google Chrome prior to 113.0.5672.126

CVE-2023-2725 8.8 - High - May 16, 2023

Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126

CVE-2023-2726 8.8 - High - May 16, 2023

Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)

In Qt before 5.15.14

CVE-2023-32573 6.5 - Medium - May 10, 2023

In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.

Divide By Zero

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.

CVE-2023-2610 7.8 - High - May 09, 2023

Integer Overflow or Wraparound

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2023-24950 6.5 - Medium - May 09, 2023

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.

CVE-2023-2609 7.8 - High - May 09, 2023

NULL Pointer Dereference

Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability

CVE-2023-28290 5.3 - Medium - May 09, 2023

Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-24949 7.8 - High - May 09, 2023

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-24953 7.8 - High - May 09, 2023

Microsoft SharePoint Server Information Disclosure Vulnerability

CVE-2023-24954 6.5 - Medium - May 09, 2023

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2023-24955 7.2 - High - May 09, 2023

Windows MSHTML Platform Security Feature Bypass Vulnerability

CVE-2023-29324 6.5 - Medium - May 09, 2023

Microsoft Word Security Feature Bypass Vulnerability

CVE-2023-29335 7.5 - High - May 09, 2023

Win32k Elevation of Privilege Vulnerability

CVE-2023-29336 7.8 - High - May 09, 2023

Visual Studio Code Information Disclosure Vulnerability

CVE-2023-29338 5 - Medium - May 09, 2023

AV1 Video Extension Remote Code Execution Vulnerability

CVE-2023-29340 7.8 - High - May 09, 2023

AV1 Video Extension Remote Code Execution Vulnerability

CVE-2023-29341 7.8 - High - May 09, 2023

SysInternals Sysmon for Windows Elevation of Privilege Vulnerability

CVE-2023-29343 7.8 - High - May 09, 2023

Secure Boot Security Feature Bypass Vulnerability

CVE-2023-24932 6.7 - Medium - May 09, 2023

Windows Driver Revocation List Security Feature Bypass Vulnerability

CVE-2023-28251 5.5 - Medium - May 09, 2023

Windows Installer Elevation of Privilege Vulnerability

CVE-2023-24904 7.1 - High - May 09, 2023

Windows OLE Remote Code Execution Vulnerability

CVE-2023-29325 7.5 - High - May 09, 2023

Microsoft Access Denial of Service Vulnerability

CVE-2023-29333 3.3 - Low - May 09, 2023

Windows Bluetooth Driver Elevation of Privilege Vulnerability

CVE-2023-24948 7.4 - High - May 09, 2023

Windows Bluetooth Driver Remote Code Execution Vulnerability

CVE-2023-24947 8.8 - High - May 09, 2023

Windows Backup Service Elevation of Privilege Vulnerability

CVE-2023-24946 7.8 - High - May 09, 2023

Windows iSCSI Target Service Information Disclosure Vulnerability

CVE-2023-24945 5.5 - Medium - May 09, 2023

Windows Bluetooth Driver Information Disclosure Vulnerability

CVE-2023-24944 6.5 - Medium - May 09, 2023

Remote Desktop Client Remote Code Execution Vulnerability

CVE-2023-24905 7.8 - High - May 09, 2023

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

CVE-2023-24943 9.8 - Critical - May 09, 2023

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVE-2023-24903 8.1 - High - May 09, 2023

Race Condition

Remote Procedure Call Runtime Denial of Service Vulnerability

CVE-2023-24942 7.5 - High - May 09, 2023

Win32k Elevation of Privilege Vulnerability

CVE-2023-24902 7.8 - High - May 09, 2023

Windows Network File System Remote Code Execution Vulnerability

CVE-2023-24941 9.8 - Critical - May 09, 2023

Windows NFS Portmapper Information Disclosure Vulnerability

CVE-2023-24901 7.5 - High - May 09, 2023

Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability

CVE-2023-24940 7.5 - High - May 09, 2023

Windows NTLM Security Support Provider Information Disclosure Vulnerability

CVE-2023-24900 5.9 - Medium - May 09, 2023

Server for NFS Denial of Service Vulnerability

CVE-2023-24939 7.5 - High - May 09, 2023

Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2023-24899 7 - High - May 09, 2023

Race Condition

Windows SMB Denial of Service Vulnerability

CVE-2023-24898 7.5 - High - May 09, 2023

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVE-2023-28283 8.1 - High - May 09, 2023

A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes

CVE-2023-2513 6.7 - Medium - May 08, 2023

A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.

Dangling pointer

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2023-29354 4.7 - Medium - May 05, 2023

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2023-29350 7.5 - High - May 05, 2023

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63

CVE-2023-2468 4.3 - Medium - May 03, 2023

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63

CVE-2023-2467 4.3 - Medium - May 03, 2023

Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63

CVE-2023-2466 4.3 - Medium - May 03, 2023

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63

CVE-2023-2465 4.3 - Medium - May 03, 2023

Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63

CVE-2023-2464 4.3 - Medium - May 03, 2023

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63

CVE-2023-2463 4.3 - Medium - May 03, 2023

Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63

CVE-2023-2462 4.3 - Medium - May 03, 2023

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63

CVE-2023-2460 7.1 - High - May 03, 2023

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)

Improper Input Validation

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63

CVE-2023-2459 6.5 - Medium - May 03, 2023

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)

A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation

CVE-2023-2235 7.8 - High - May 01, 2023

A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on events before they were detached from their group, so a dangling pointer could be used, causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.

Dangling pointer

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.

CVE-2023-2426 5.5 - Medium - April 29, 2023

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.

Untrusted pointer offset

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2023-29334 4.3 - Medium - April 28, 2023

Microsoft Edge (Chromium-based) Spoofing Vulnerability

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13

CVE-2023-31436 7.8 - High - April 28, 2023

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.

Memory Corruption

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

CVE-2023-21712 8.1 - High - April 27, 2023

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

Race Condition

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2023-28286 6.1 - Medium - April 27, 2023

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2023-28261 8.1 - High - April 27, 2023

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript

CVE-2023-30846 7.5 - High - April 26, 2023

typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leaking authentication data to third parties. The flow of the vulnerability is as follows: First, send any request with `BasicCredentialHandler`, `BearerCredentialHandler` or `PersonalAccessTokenCredentialHandler`. Second, the target host may return a redirection (3xx), with a link to a second host. Third, the next request will use the credentials to authenticate with the second host, by setting the `Authorization` header. The expected behavior is that the next request will *NOT* set the `Authorization` header. The problem was fixed in version 1.8.0. There are no known workarounds.

A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function

CVE-2023-0458 4.7 - Medium - April 26, 2023

A speculative pointer dereference problem exists in the Linux Kernel in the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11.

NULL Pointer Dereference

A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events

CVE-2023-2019 4.4 - Medium - April 24, 2023

A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system.

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).