Microsoft Vulnerabilities
Comprehensive security vulnerability database for Microsoft products
4
0
6
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2023-36419 | 8.8 | This vulnerability allows an attacker to gain elevated privileges on Azure HDInsight by exploiting the Apache Oozie Workflow Scheduler, potentially letting them access sensitive data or execute unauthorized actions. To take advantage of this flaw, the attacker must have the ability to submit malicious XML data to the system. | microsoftazure hdinsight | Theoretical | over 2 years agoOct 10, 2023 |
| CVE-2023-38156 | 7.2 | This vulnerability allows an attacker to gain elevated privileges within Azure HDInsight by exploiting a flaw in the Apache Ambari JDBC interface. To take advantage of this, the attacker must have access to the Ambari server, which typically requires some level of authentication or network access. | microsoftazure hdinsight | Exploit Available | over 2 years agoSep 12, 2023 |
| CVE-2020-0919 | 7.8 | This vulnerability allows an attacker to gain higher privileges on a system by loading unauthorized software through the Remote Desktop App for Mac. To exploit this, the attacker needs access to the app, which could happen if the user is tricked into running malicious code. | microsoftwindows app | Exploit Available | almost 6 years agoApr 15, 2020 |
| CVE-2008-0015 | 8.8 | This vulnerability allows an attacker to run any code they want on a victim's computer simply by getting them to visit a specially crafted web page. It affects certain versions of Windows, including Server 2003, and relies on the presence of the vulnerable ActiveX control in the system. | microsoftwindows 2003 server | Exploit Available | over 16 years agoJul 7, 2009 |
About Microsoft Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Microsoft products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.