Filtered by vendor Microsoft
Subscribe
Total
17397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21802 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2023-02-23 | N/A | 7.8 HIGH |
| Windows Media Remote Code Execution Vulnerability | |||||
| CVE-2023-21800 | 1 Microsoft | 1 Windows Server 2008 | 2023-02-23 | N/A | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2023-21704 | 1 Microsoft | 1 Sql Server | 2023-02-23 | N/A | 7.8 HIGH |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2023-21701 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2023-02-23 | N/A | 7.5 HIGH |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability | |||||
| CVE-2023-21703 | 1 Microsoft | 2 Azure Data Box Gateway, Azure Stack Edge | 2023-02-23 | N/A | 7.2 HIGH |
| Azure Data Box Gateway Remote Code Execution Vulnerability | |||||
| CVE-2023-21702 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2023-02-23 | N/A | 7.5 HIGH |
| Windows iSCSI Service Denial of Service Vulnerability | |||||
| CVE-2023-21699 | 1 Microsoft | 10 Windows 10, Windows 10 1607, Windows 10 1809 and 7 more | 2023-02-23 | N/A | 5.3 MEDIUM |
| Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | |||||
| CVE-2023-21700 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2023-02-23 | N/A | 7.5 HIGH |
| Windows iSCSI Discovery Service Denial of Service Vulnerability | |||||
| CVE-2023-21697 | 1 Microsoft | 10 Windows 10, Windows 10 1607, Windows 10 1809 and 7 more | 2023-02-23 | N/A | 5.5 MEDIUM |
| Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | |||||
| CVE-2023-21695 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2023-02-23 | N/A | 8.8 HIGH |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | |||||
| CVE-2023-21694 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2023-02-23 | N/A | 6.8 MEDIUM |
| Windows Fax Service Remote Code Execution Vulnerability | |||||
| CVE-2022-45455 | 2 Acronis, Microsoft | 4 Agent, Cyber Protect, Cyber Protect Home Office and 1 more | 2023-02-22 | N/A | 7.8 HIGH |
| Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984. | |||||
| CVE-2022-45454 | 2 Acronis, Microsoft | 3 Agent, Cyber Protect, Windows | 2023-02-22 | N/A | 7.5 HIGH |
| Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984. | |||||
| CVE-2021-37712 | 5 Debian, Microsoft, Npmjs and 2 more | 5 Debian Linux, Windows, Tar and 2 more | 2023-02-22 | 4.4 MEDIUM | 8.6 HIGH |
| The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with names containing unicode values that normalized to the same value. Additionally, on Windows systems, long path portions would resolve to the same file system entities as their 8.3 "short path" counterparts. A specially crafted tar archive could thus include a directory with one form of the path, followed by a symbolic link with a different string that resolves to the same file system entity, followed by a file using the first form. By first creating a directory, and then replacing that directory with a symlink that had a different apparent name that resolved to the same entry in the filesystem, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-qq89-hq3f-393p. | |||||
| CVE-2021-44226 | 2 Microsoft, Razer | 2 Windows, Synapse | 2023-02-22 | 6.9 MEDIUM | 7.3 HIGH |
| Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there. | |||||
| CVE-2023-21573 | 1 Microsoft | 1 Dynamics 365 | 2023-02-22 | N/A | 5.4 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2023-21571 | 1 Microsoft | 1 Dynamics 365 | 2023-02-22 | N/A | 5.4 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2023-21572 | 1 Microsoft | 1 Dynamics 365 | 2023-02-22 | N/A | 6.5 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2023-21570 | 1 Microsoft | 1 Dynamics 365 | 2023-02-22 | N/A | 5.4 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2023-21564 | 1 Microsoft | 1 Azure Devops Server | 2023-02-22 | N/A | 7.1 HIGH |
| Azure DevOps Server Cross-Site Scripting Vulnerability | |||||