ReportizFlow
Filtered by vendor Microsoft
Subscriptions
Total
21999 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-51459 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-09-01 | 8.4 High |
| IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions. | ||||
| CVE-2024-43186 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-09-01 | 5.3 Medium |
| IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions. | ||||
| CVE-2024-51477 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-09-01 | 4.3 Medium |
| IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive username information due to an observable response discrepancy. | ||||
| CVE-2024-7577 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-09-01 | 4.4 Medium |
| IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product. | ||||
| CVE-2024-55895 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-09-01 | 2.7 Low |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||
| CVE-2025-1095 | 4 Apple, Ibm, Linux and 1 more | 4 Macos, Personal Communications, Linux Kernel and 1 more | 2025-09-01 | 8.8 High |
| IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029. | ||||
| CVE-2024-49808 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more | 2025-09-01 | 6.3 Medium |
| IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions. | ||||
| CVE-2024-45651 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more | 2025-09-01 | 6.3 Medium |
| IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system. | ||||
| CVE-2025-27907 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-09-01 | 4.1 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2024-22351 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-09-01 | 6.3 Medium |
| IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | ||||
| CVE-2024-6769 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-08-30 | 6.7 Medium |
| A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a medium integrity process to a high integrity process without the intervention of a UAC prompt. | ||||
| CVE-2025-9578 | 2 Acronis, Microsoft | 2 Cyber Protect Cloud Agent, Windows | 2025-08-29 | N/A |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40734. | ||||
| CVE-2025-30038 | 1 Microsoft | 1 Windows | 2025-08-29 | N/A |
| The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. The identifier is exposed through a built-in Windows security feature that stores additional metadata in an NTFS alternate data stream (ADS) for all files downloaded from potentially untrusted sources. | ||||
| CVE-2020-17144 | 1 Microsoft | 1 Exchange Server | 2025-08-29 | 8.4 High |
| Microsoft Exchange Remote Code Execution Vulnerability | ||||
| CVE-2020-17158 | 1 Microsoft | 1 Dynamics 365 | 2025-08-29 | 8.8 High |
| Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | ||||
| CVE-2020-17156 | 1 Microsoft | 2 Visual Studio 2017, Visual Studio 2019 | 2025-08-29 | 7.8 High |
| Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2020-17153 | 1 Microsoft | 1 Edge | 2025-08-29 | 4.3 Medium |
| Microsoft Edge for Android Spoofing Vulnerability | ||||
| CVE-2020-17152 | 1 Microsoft | 1 Dynamics 365 | 2025-08-29 | 8.8 High |
| Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | ||||
| CVE-2020-17150 | 1 Microsoft | 1 Tslint | 2025-08-29 | 7.8 High |
| Visual Studio Code Remote Code Execution Vulnerability | ||||
| CVE-2020-17148 | 1 Microsoft | 1 Visual Studio Code | 2025-08-29 | 7.8 High |
| Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | ||||