.NET Framework Information Disclosure Vulnerability
Max CVSS
7.5
EPSS Score
0.04%
Published
2024-03-23
Updated
2024-03-25
Xbox Gaming Services Elevation of Privilege Vulnerability
Max CVSS
8.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
Outlook for Android Information Disclosure Vulnerability
Max CVSS
7.5
EPSS Score
0.09%
Published
2024-03-12
Updated
2024-03-12
Azure Data Studio Elevation of Privilege Vulnerability
Max CVSS
7.3
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Microsoft Office Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-03-12
Updated
2024-03-12
Microsoft Exchange Server Remote Code Execution Vulnerability
Max CVSS
8.8
EPSS Score
0.09%
Published
2024-03-12
Updated
2024-03-12
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Max CVSS
8.2
EPSS Score
0.09%
Published
2024-02-23
Updated
2024-02-26
Microsoft QUIC Denial of Service Vulnerability
Max CVSS
7.5
EPSS Score
0.05%
Published
2024-03-12
Updated
2024-03-12
Windows Kernel Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Windows Kernel Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Windows Kernel Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Windows Kernel Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Windows Error Reporting Service Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-03-12
Updated
2024-03-12
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Max CVSS
8.8
EPSS Score
0.09%
Published
2024-03-12
Updated
2024-03-12
Visual Studio Code Elevation of Privilege Vulnerability
Max CVSS
8.8
EPSS Score
0.05%
Published
2024-03-12
Updated
2024-03-12
Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability
Max CVSS
8.8
EPSS Score
0.05%
Published
2024-03-12
Updated
2024-03-12
Microsoft ODBC Driver Remote Code Execution Vulnerability
Max CVSS
8.8
EPSS Score
0.09%
Published
2024-03-12
Updated
2024-03-12
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Max CVSS
8.8
EPSS Score
0.09%
Published
2024-03-12
Updated
2024-03-12
Microsoft ODBC Driver Remote Code Execution Vulnerability
Max CVSS
8.8
EPSS Score
0.09%
Published
2024-03-12
Updated
2024-03-12
The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-12
Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01.
Max CVSS
9.8
EPSS Score
0.67%
Published
2024-01-09
Updated
2024-01-12
IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the `SignedHttpRequest`protocol or the `SignedHttpRequestValidator`is vulnerable. Microsoft.IdentityModel trusts the `jku`claim by default for the `SignedHttpRequest`protocol. This raises the possibility to make any remote or local `HTTP GET` request. The vulnerability has been fixed in Microsoft.IdentityModel.Protocols.SignedHttpRequest. Users should update all their Microsoft.IdentityModel versions to 7.1.2 (for 7x) or higher, 6.34.0 (for 6x) or higher.
Max CVSS
8.8
EPSS Score
0.07%
Published
2024-01-10
Updated
2024-01-19
Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.
Max CVSS
9.8
EPSS Score
0.13%
Published
2024-01-10
Updated
2024-01-19
Microsoft ODBC Driver Remote Code Execution Vulnerability
Max CVSS
8.8
EPSS Score
0.09%
Published
2024-03-12
Updated
2024-03-12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!