CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   

Microsoft : Security Vulnerabilities

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2023-30846 522 2023-04-26 2023-05-05
0.0
 None ??? ??? ??? ??? ??? ???
typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with `BasicCredentialHandler`, `BearerCredentialHandler` or `PersonalAccessTokenCredentialHandler`. Second, the target host may return a redirection (3xx), with a link to a second host. Third, the next request will use the credentials to authenticate with the second host, by setting the `Authorization` header. The expected behavior is that the next request will *NOT* set the `Authorization` header. The problem was fixed in version 1.8.0. There are no known workarounds.
2 CVE-2023-29354 Bypass 2023-05-05 2023-05-11
0.0
 None ??? ??? ??? ??? ??? ???
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
3 CVE-2023-29350 2023-05-05 2023-05-11
0.0
 None ??? ??? ??? ??? ??? ???
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
4 CVE-2023-29343 2023-05-09 2023-05-16
0.0
 None ??? ??? ??? ??? ??? ???
SysInternals Sysmon for Windows Elevation of Privilege Vulnerability
5 CVE-2023-29341 Exec Code 2023-05-09 2023-05-16
0.0
 None ??? ??? ??? ??? ??? ???
AV1 Video Extension Remote Code Execution Vulnerability
6 CVE-2023-29340 Exec Code 2023-05-09 2023-05-16
0.0
 None ??? ??? ??? ??? ??? ???
AV1 Video Extension Remote Code Execution Vulnerability
7 CVE-2023-29338 2023-05-09 2023-05-16
0.0
 None ??? ??? ??? ??? ??? ???
Visual Studio Code Information Disclosure Vulnerability
8 CVE-2023-29336 2023-05-09 2023-05-16
0.0
 None ??? ??? ??? ??? ??? ???
Win32k Elevation of Privilege Vulnerability
9 CVE-2023-29335 Bypass 2023-05-09 2023-05-15
0.0
 None ??? ??? ??? ??? ??? ???
Microsoft Word Security Feature Bypass Vulnerability
10 CVE-2023-29334 2023-04-28 2023-05-08
0.0
 None ??? ??? ??? ??? ??? ???
Microsoft Edge (Chromium-based) Spoofing Vulnerability
11 CVE-2023-29333 DoS 2023-05-09 2023-05-15
0.0
 None ??? ??? ??? ??? ??? ???
Microsoft Access Denial of Service Vulnerability
12 CVE-2023-29325 Exec Code 2023-05-09 2023-05-15
0.0
 None ??? ??? ??? ??? ??? ???
Windows OLE Remote Code Execution Vulnerability
13 CVE-2023-29324 Bypass 2023-05-09 2023-05-15
0.0
 None ??? ??? ??? ??? ??? ???
Windows MSHTML Platform Security Feature Bypass Vulnerability
14 CVE-2023-28314 79 XSS 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
15 CVE-2023-28313 79 XSS 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability
16 CVE-2023-28312 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Azure Machine Learning Information Disclosure Vulnerability
17 CVE-2023-28311 Exec Code 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Microsoft Word Remote Code Execution Vulnerability
18 CVE-2023-28309 79 XSS 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
19 CVE-2023-28308 362 Exec Code 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Windows DNS Server Remote Code Execution Vulnerability
20 CVE-2023-28307 362 Exec Code 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Windows DNS Server Remote Code Execution Vulnerability
21 CVE-2023-28306 362 Exec Code 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Windows DNS Server Remote Code Execution Vulnerability
22 CVE-2023-28305 362 Exec Code 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Windows DNS Server Remote Code Execution Vulnerability
23 CVE-2023-28304 Exec Code 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
24 CVE-2023-28302 DoS 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Microsoft Message Queuing Denial of Service Vulnerability
25 CVE-2023-28301 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Microsoft Edge (Chromium-based) Tampering Vulnerability
26 CVE-2023-28300 Bypass 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Azure Service Connector Security Feature Bypass Vulnerability
27 CVE-2023-28299 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Visual Studio Spoofing Vulnerability
28 CVE-2023-28298 DoS 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Windows Kernel Denial of Service Vulnerability
29 CVE-2023-28297 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability
30 CVE-2023-28296 Exec Code 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Visual Studio Remote Code Execution Vulnerability
31 CVE-2023-28293 2023-04-11 2023-05-11
0.0
 None ??? ??? ??? ??? ??? ???
Windows Kernel Elevation of Privilege Vulnerability
32 CVE-2023-28290 2023-05-09 2023-05-15
0.0
 None ??? ??? ??? ??? ??? ???
Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability
33 CVE-2023-28288 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Microsoft SharePoint Server Spoofing Vulnerability
34 CVE-2023-28286 Bypass 2023-04-27 2023-05-08
0.0
 None ??? ??? ??? ??? ??? ???
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
35 CVE-2023-28285 Exec Code 2023-04-11 2023-04-13
0.0
 None ??? ??? ??? ??? ??? ???
Microsoft Office Remote Code Execution Vulnerability
36 CVE-2023-28284 Bypass 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
37 CVE-2023-28283 Exec Code 2023-05-09 2023-05-15
0.0
 None ??? ??? ??? ??? ??? ???
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
38 CVE-2023-28278 362 Exec Code 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Windows DNS Server Remote Code Execution Vulnerability
39 CVE-2023-28277 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Windows DNS Server Information Disclosure Vulnerability
40 CVE-2023-28276 Bypass 2023-04-11 2023-04-13
0.0
 None ??? ??? ??? ??? ??? ???
Windows Group Policy Security Feature Bypass Vulnerability
41 CVE-2023-28275 Exec Code 2023-04-11 2023-04-13
0.0
 None ??? ??? ??? ??? ??? ???
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
42 CVE-2023-28274 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Windows Win32k Elevation of Privilege Vulnerability
43 CVE-2023-28273 362 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Windows Clip Service Elevation of Privilege Vulnerability
44 CVE-2023-28272 2023-04-11 2023-04-13
0.0
 None ??? ??? ??? ??? ??? ???
Windows Kernel Elevation of Privilege Vulnerability
45 CVE-2023-28271 2023-04-11 2023-05-11
0.0
 None ??? ??? ??? ??? ??? ???
Windows Kernel Memory Information Disclosure Vulnerability
46 CVE-2023-28270 Bypass 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Windows Lock Screen Security Feature Bypass Vulnerability
47 CVE-2023-28269 Bypass 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Windows Boot Manager Security Feature Bypass Vulnerability
48 CVE-2023-28268 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Netlogon RPC Elevation of Privilege Vulnerability
49 CVE-2023-28267 2023-04-11 2023-04-19
0.0
 None ??? ??? ??? ??? ??? ???
Remote Desktop Protocol Client Information Disclosure Vulnerability
50 CVE-2023-28266 2023-04-11 2023-04-13
0.0
 None ??? ??? ??? ??? ??? ???
Windows Common Log File System Driver Information Disclosure Vulnerability
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.