Search Results (356857 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-10727 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-06-09 | 7.2 High |
| An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root | ||||
| CVE-2026-45446 | 1 Openssl | 1 Openssl | 2026-06-09 | N/A |
| Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's application using these ciphers. AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) are nonce-misuse-resistant AEAD modes: they accept a key, nonce, optional AAD (bytes that are authenticated but not encrypted), and plaintext, and produce ciphertext plus a 16-byte tag. On decrypt, `EVP_DecryptFinal_ex()` is documented to return success only if the tag is verified successfully. In OpenSSL's provider implementation of these ciphers, the expected tag is computed only when the decryption function is invoked with non-empty data. If the caller supplies AAD and then calls `EVP_DecryptFinal_ex()` without invocation of the ciphertext update, which can happen when the received ciphertext length is zero, the tag is never recalculated and still holds its all-zeros value. When AES-GCM-SIV is used, an attacker who sends arbitrary AAD, empty ciphertext, and all-zeros tag passes authentication under any key they do not know, single-shot. When AES-SIV is used, for mounting the attack it's necessary for the application to reuse the decryption context without resetting the key. AES-SIV is implemented since OpenSSL 3.0. AES-GCM-SIV is implemented since OpenSSL 3.2. No protocols implemented in OpenSSL itself (TLS/CMS/PKCS7/HPKE/QUIC) support either AES-GCM-SIV or AES-SIV. To mount an attack, the applications must implement their own protocol and use the EVP interface. Also they must skip the ciphertext update when a message with an empty ciphertext arrives. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as these algorithms are not FIPS approved and the affected code is outside the OpenSSL FIPS module boundary. | ||||
| CVE-2024-43582 | 1 Microsoft | 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more | 2026-06-09 | 8.1 High |
| Remote Desktop Protocol Server Remote Code Execution Vulnerability | ||||
| CVE-2024-43511 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2026-06-09 | 7 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2024-43527 | 1 Microsoft | 2 Windows 11 24h2, Windows 11 24h2 | 2026-06-09 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2024-43528 | 1 Microsoft | 17 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 14 more | 2026-06-09 | 7.8 High |
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability | ||||
| CVE-2024-43516 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2026-06-09 | 7.8 High |
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability | ||||
| CVE-2024-43614 | 1 Microsoft | 1 Defender For Endpoint | 2026-06-09 | 5.5 Medium |
| Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally. | ||||
| CVE-2024-38179 | 1 Microsoft | 3 Azure Stack Hci, Azure Stack Hci Os 22h2, Azure Stack Hci Os 23h2 | 2026-06-09 | 8.8 High |
| Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability | ||||
| CVE-2024-43488 | 1 Microsoft | 1 Visual Studio Code | 2026-06-09 | 8.8 High |
| Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector. | ||||
| CVE-2024-43611 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2026-06-09 | 8.8 High |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2024-38190 | 1 Microsoft | 1 Power Platform | 2026-06-09 | 8.6 High |
| Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector. | ||||
| CVE-2024-38204 | 1 Microsoft | 1 Azure Functions | 2026-06-09 | 7.5 High |
| Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2024-43610 | 1 Microsoft | 1 Copilot Studio | 2026-06-09 | 7.4 High |
| Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows an unauthenticated attacker to view sensitive information through network attack vector | ||||
| CVE-2024-43583 | 1 Microsoft | 26 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 23 more | 2026-06-09 | 7.8 High |
| Winlogon Elevation of Privilege Vulnerability | ||||
| CVE-2024-43603 | 1 Microsoft | 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more | 2026-06-09 | 5.5 Medium |
| Visual Studio Collector Service Denial of Service Vulnerability | ||||
| CVE-2024-43599 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-06-09 | 8.8 High |
| Remote Desktop Client Remote Code Execution Vulnerability | ||||
| CVE-2024-43593 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2026-06-09 | 8.8 High |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2024-43592 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2026-06-09 | 8.8 High |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2024-43590 | 1 Microsoft | 5 Visual C Plus Plus Redistributable Installer, Visual Studio, Visual Studio 2017 and 2 more | 2026-06-09 | 7.8 High |
| Visual C++ Redistributable Installer Elevation of Privilege Vulnerability | ||||