Total
3924 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-26169 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-06-14 | N/A | 7.8 HIGH |
| Windows Error Reporting Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-30080 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-06-12 | N/A | 9.8 CRITICAL |
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | |||||
| CVE-2023-29412 | 2 Microsoft, Schneider-electric | 7 Windows 10, Windows 11, Windows Server 2016 and 4 more | 2024-06-12 | N/A | 9.8 CRITICAL |
| CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface. | |||||
| CVE-2024-21408 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-06-11 | N/A | 5.5 MEDIUM |
| Windows Hyper-V Denial of Service Vulnerability | |||||
| CVE-2024-21351 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-06-11 | N/A | 7.6 HIGH |
| Windows SmartScreen Security Feature Bypass Vulnerability | |||||
| CVE-2024-20674 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-06-11 | N/A | 8.8 HIGH |
| Windows Kerberos Security Feature Bypass Vulnerability | |||||
| CVE-2024-20666 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-06-11 | N/A | 6.6 MEDIUM |
| BitLocker Security Feature Bypass Vulnerability | |||||
| CVE-2023-20588 | 5 Amd, Debian, Fedoraproject and 2 more | 78 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 75 more | 2024-06-10 | N/A | 5.5 MEDIUM |
| A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. | |||||
| CVE-2023-50387 | 8 Fedoraproject, Isc, Microsoft and 5 more | 13 Fedora, Bind, Windows Server 2008 and 10 more | 2024-06-10 | N/A | 7.5 HIGH |
| Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. | |||||
| CVE-2023-20569 | 4 Amd, Debian, Fedoraproject and 1 more | 296 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 293 more | 2024-06-10 | N/A | 4.7 MEDIUM |
| A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. | |||||
| CVE-2023-29360 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2024-06-10 | N/A | 8.4 HIGH |
| Microsoft Streaming Service Elevation of Privilege Vulnerability | |||||
| CVE-2019-1227 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-05-29 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. | |||||
| CVE-2019-1226 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-05-29 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. | |||||
| CVE-2019-1225 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-05-29 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows RDP server initializes memory. | |||||
| CVE-2019-1224 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-05-29 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows RDP server initializes memory. | |||||
| CVE-2019-1223 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-05-29 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Protocol (RDP) services. The update addresses the vulnerability by correcting how RDP handles connection requests. | |||||
| CVE-2019-1222 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-05-29 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. | |||||
| CVE-2019-1212 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-05-29 | 7.8 HIGH | 9.8 CRITICAL |
| A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully exploited the vulnerability could cause the DHCP server service to stop responding. To exploit the vulnerability, a remote unauthenticated attacker could send a specially crafted packet to an affected DHCP server. The security update addresses the vulnerability by correcting how DHCP servers handle network packets. | |||||
| CVE-2019-1206 | 1 Microsoft | 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 | 2024-05-29 | 5.0 MEDIUM | 7.5 HIGH |
| A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could cause the DHCP service to become nonresponsive. To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server. However, the DHCP server must be set to failover mode for the attack to succeed. The security update addresses the vulnerability by correcting how DHCP failover servers handle network packets. | |||||
| CVE-2019-1198 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-05-29 | 7.5 HIGH | 6.5 MEDIUM |
| An elevation of privilege exists in SyncController.dll. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running. The update addresses the vulnerability by correcting how the SyncController.dll handles processes these requests. | |||||