The MSAL library enables acquisition of security tokens to call protected APIs. MSAL.NET applications targeting Xamarin Android and .NET Android (e.g., MAUI) using the library from versions 4.48.0 to 4.60.0 are impacted by a low severity vulnerability. A malicious application running on a customer Android device can cause local denial of service against applications that were built using MSAL.NET for authentication on the same device (i.e., prevent the user of the legitimate application from logging in) due to incorrect activity export configuration. MSAL.NET version 4.60.1 includes the fix. As a workaround, a developer may explicitly mark the MSAL.NET activity non-exported.
Source: GitHub, Inc.
Max CVSS
3.9
EPSS Score
0.04%
Published
2024-04-16
Updated
2024-04-17
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Source: Microsoft Corporation
Max CVSS
3.9
EPSS Score
0.05%
Published
2024-03-14
Updated
2024-06-11
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Source: Microsoft Corporation
Max CVSS
3.3
EPSS Score
0.06%
Published
2024-01-26
Updated
2024-06-11
Microsoft Power Apps Spoofing Vulnerability
Source: Microsoft Corporation
Max CVSS
3.0
EPSS Score
0.05%
Published
2023-06-14
Updated
2024-05-29
Microsoft Access Denial of Service Vulnerability
Source: Microsoft Corporation
Max CVSS
3.3
EPSS Score
0.10%
Published
2023-05-09
Updated
2023-05-15
Windows Snipping Tool Information Disclosure Vulnerability
Source: Microsoft Corporation
Max CVSS
3.3
EPSS Score
0.06%
Published
2023-06-13
Updated
2024-05-29
Microsoft Edge (Chromium-based) Tampering Vulnerability
Source: Microsoft Corporation
Max CVSS
3.7
EPSS Score
0.10%
Published
2023-04-11
Updated
2024-05-29
Microsoft SharePoint Server Spoofing Vulnerability
Source: Microsoft Corporation
Max CVSS
3.1
EPSS Score
0.08%
Published
2023-03-14
Updated
2024-05-29
Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability
Source: Microsoft Corporation
Max CVSS
3.3
EPSS Score
0.04%
Published
2023-01-10
Updated
2023-04-27
Microsoft Office Information Disclosure Vulnerability
Source: Microsoft Corporation
Max CVSS
3.3
EPSS Score
0.04%
Published
2022-10-11
Updated
2023-12-20
Windows Kernel Elevation of Privilege Vulnerability
Source: Microsoft Corporation
Max CVSS
3.3
EPSS Score
0.04%
Published
2022-10-11
Updated
2023-12-20
Azure Arc Jumpstart Information Disclosure Vulnerability
Source: Microsoft Corporation
Max CVSS
3.3
EPSS Score
0.10%
Published
2023-05-18
Updated
2023-05-26
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Source: Microsoft Corporation
Max CVSS
3.1
EPSS Score
0.07%
Published
2023-06-29
Updated
2023-07-07
Microsoft Power BI Spoofing Vulnerability
Source: Microsoft Corporation
Max CVSS
3.7
EPSS Score
0.05%
Published
2022-04-15
Updated
2023-06-29
Azure RTOS Information Disclosure Vulnerability
Source: Microsoft Corporation
Max CVSS
3.3
EPSS Score
0.11%
Published
2021-11-10
Updated
2023-12-28
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.
Source: MITRE
Max CVSS
3.5
EPSS Score
0.25%
Published
2021-05-11
Updated
2023-04-01
Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access.
Source: MITRE
Max CVSS
3.3
EPSS Score
0.05%
Published
2021-01-11
Updated
2021-01-14
A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers, aka 'Microsoft Defender Security Feature Bypass Vulnerability'.
Source: Microsoft Corporation
Max CVSS
3.3
EPSS Score
0.04%
Published
2019-12-10
Updated
2020-08-24
An information disclosure vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'.
Source: Microsoft Corporation
Max CVSS
3.3
EPSS Score
0.09%
Published
2019-11-12
Updated
2019-11-14
An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8481.
Source: Microsoft Corporation
Max CVSS
3.1
EPSS Score
1.34%
Published
2018-10-10
Updated
2020-08-24
An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8482.
Source: Microsoft Corporation
Max CVSS
3.1
EPSS Score
1.34%
Published
2018-10-10
Updated
2020-08-24
A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Source: Microsoft Corporation
Max CVSS
3.3
EPSS Score
0.06%
Published
2018-09-13
Updated
2019-10-03
An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge.
Source: Microsoft Corporation
Max CVSS
3.1
EPSS Score
1.72%
Published
2018-09-13
Updated
2018-11-20
A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Source: Microsoft Corporation
Max CVSS
3.3
EPSS Score
0.08%
Published
2018-04-12
Updated
2019-10-03
Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka "Windows Remote Assistance Information Disclosure Vulnerability".
Source: Microsoft Corporation
Max CVSS
3.1
EPSS Score
8.65%
Published
2018-03-14
Updated
2019-05-08
70 vulnerabilities found