Filtered by vendor Microsoft
Subscriptions
Total
22138 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41783 | 3 Ibm, Linux, Microsoft | 5 Aix, Linux On Ibm Z, Sterling Secure Proxy and 2 more | 2025-07-25 | 9.1 Critical |
| IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operating system due to improper validation of a specified type of input. | ||||
| CVE-2024-28780 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-25 | 5.9 Medium |
| IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 Rich Client uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2025-47111 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-07-25 | 5.5 Medium |
| Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-47112 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-07-25 | 5.5 Medium |
| Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2010-0425 | 5 Apache, Broadcom, Ibm and 2 more | 6 Http Server, Vmware Ace Management Server, Http Server and 3 more | 2025-07-24 | N/A |
| modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers." | ||||
| CVE-2022-35768 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-07-24 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2022-34707 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-07-24 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2022-30206 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-07-24 | 7.8 High |
| Windows Print Spooler Elevation of Privilege Vulnerability | ||||
| CVE-2022-30165 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-07-24 | 8.8 High |
| Windows Kerberos Elevation of Privilege Vulnerability | ||||
| CVE-2022-29126 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 8.1 and 6 more | 2025-07-24 | 7 High |
| Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | ||||
| CVE-2022-29106 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2025-07-24 | 7 High |
| Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | ||||
| CVE-2022-26917 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-07-24 | 7.8 High |
| Windows Fax Compose Form Remote Code Execution Vulnerability | ||||
| CVE-2022-24489 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2025-07-24 | 7.8 High |
| Cluster Client Failover (CCF) Elevation of Privilege Vulnerability | ||||
| CVE-2022-24549 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-07-24 | 7.8 High |
| Windows AppX Package Manager Elevation of Privilege Vulnerability | ||||
| CVE-2022-24488 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2016 and 1 more | 2025-07-24 | 7.8 High |
| Windows Desktop Bridge Elevation of Privilege Vulnerability | ||||
| CVE-2022-24494 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-07-24 | 7.8 High |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ||||
| CVE-2022-26916 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-07-24 | 7.8 High |
| Windows Fax Compose Form Remote Code Execution Vulnerability | ||||
| CVE-2022-24765 | 6 Apple, Debian, Fedoraproject and 3 more | 7 Xcode, Debian Linux, Fedora and 4 more | 2025-07-24 | 6 Medium |
| Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`. | ||||
| CVE-2022-26807 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-07-24 | 7 High |
| Windows Work Folder Service Elevation of Privilege Vulnerability | ||||
| CVE-2022-24468 | 1 Microsoft | 1 Azure Site Recovery | 2025-07-24 | 7.2 High |
| Azure Site Recovery Remote Code Execution Vulnerability | ||||