Filtered by vendor Microsoft
Subscribe
Total
17397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6661 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2023-03-03 | 6.8 MEDIUM | 7.8 HIGH |
| DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature. | |||||
| CVE-2018-6683 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2023-03-03 | 4.6 MEDIUM | 7.4 HIGH |
| Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline. | |||||
| CVE-2018-3702 | 2 Intel, Microsoft | 2 Ite Tech Consumer Infrared Driver, Windows 10 | 2023-03-03 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the installer for the ITE Tech* Consumer Infrared Driver for Windows 10 versions before 5.4.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-24588 | 8 Arista, Cisco, Debian and 5 more | 350 C-100, C-100 Firmware, C-110 and 347 more | 2023-03-03 | 2.9 LOW | 3.5 LOW |
| The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. | |||||
| CVE-2019-4102 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-03-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092. | |||||
| CVE-2019-4322 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-03-03 | 7.2 HIGH | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202. | |||||
| CVE-2019-4386 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Db2, Linux Kernel and 2 more | 2023-03-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714. | |||||
| CVE-2019-1170 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-03-03 | 7.2 HIGH | 8.8 HIGH |
| An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape, aka 'Windows NTFS Elevation of Privilege Vulnerability'. | |||||
| CVE-2023-1004 | 2 Marktext, Microsoft | 2 Marktext, Windows | 2023-03-03 | N/A | 7.8 HIGH |
| A vulnerability has been found in MarkText up to 0.17.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability. | |||||
| CVE-2023-20858 | 2 Microsoft, Vmware | 2 Windows, Carbon Black App Control | 2023-03-03 | N/A | 7.2 HIGH |
| VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system. | |||||
| CVE-2022-43578 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2023-03-02 | N/A | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238683. | |||||
| CVE-2022-26841 | 3 Intel, Linux, Microsoft | 3 Sgx Sdk, Linux Kernel, Windows | 2023-03-02 | N/A | 5.5 MEDIUM |
| Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2.16.100.1 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-41082 | 1 Microsoft | 1 Exchange Server | 2023-03-02 | N/A | 8.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability. | |||||
| CVE-2022-41040 | 1 Microsoft | 1 Exchange Server | 2023-03-02 | N/A | 8.8 HIGH |
| Microsoft Exchange Server Elevation of Privilege Vulnerability. | |||||
| CVE-2022-41128 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2023-03-02 | N/A | 8.8 HIGH |
| Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41118. | |||||
| CVE-2023-22236 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2023-03-02 | N/A | 7.8 HIGH |
| Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-22234 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2023-03-02 | N/A | 7.8 HIGH |
| Adobe Premiere Rush version 2.6 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2019-14211 | 2 Foxitsoftware, Microsoft | 2 Phantompdf, Windows | 2023-03-02 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the lack of proper validation of the existence of an object prior to performing operations on that object when executing JavaScript. | |||||
| CVE-2023-25928 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-03-02 | N/A | 5.4 MEDIUM |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247646. | |||||
| CVE-2023-21622 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2023-03-01 | N/A | 7.8 HIGH |
| FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||