Filtered by vendor Microsoft
Subscribe
Total
17397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28927 | 2 Libretro, Microsoft | 2 Retroarch, Windows | 2022-05-27 | 4.6 MEDIUM | 7.8 HIGH |
| The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names. | |||||
| CVE-2021-31985 | 1 Microsoft | 1 Malware Protection Engine | 2022-05-27 | 6.8 MEDIUM | 8.8 HIGH |
| Microsoft Defender Remote Code Execution Vulnerability | |||||
| CVE-2022-21999 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-05-26 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-22717, CVE-2022-22718. | |||||
| CVE-2022-28182 | 2 Microsoft, Nvidia | 3 Windows, Gpu Display Driver, Virtual Gpu | 2022-05-26 | 6.8 MEDIUM | 8.5 HIGH |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components. | |||||
| CVE-2022-28181 | 3 Linux, Microsoft, Nvidia | 4 Linux Kernel, Windows, Gpu Display Driver and 1 more | 2022-05-26 | 6.9 MEDIUM | 8.5 HIGH |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components. | |||||
| CVE-2022-28186 | 2 Microsoft, Nvidia | 3 Windows, Gpu Display Driver, Virtual Gpu | 2022-05-26 | 3.6 LOW | 6.1 MEDIUM |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service or data tampering. | |||||
| CVE-2022-22009 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2016 and 1 more | 2022-05-26 | 4.4 MEDIUM | 7.8 HIGH |
| Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-23257, CVE-2022-24537. | |||||
| CVE-2022-22008 | 1 Microsoft | 7 Windows 10, Windows 11, Windows 8.1 and 4 more | 2022-05-26 | 6.9 MEDIUM | 7.8 HIGH |
| Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22009, CVE-2022-23257, CVE-2022-24537. | |||||
| CVE-2022-28188 | 2 Microsoft, Nvidia | 3 Windows, Gpu Display Driver, Virtual Gpu | 2022-05-26 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service. | |||||
| CVE-2022-24515 | 1 Microsoft | 1 Azure Site Recovery | 2022-05-26 | 6.5 MEDIUM | 7.2 HIGH |
| Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24506, CVE-2022-24518, CVE-2022-24519. | |||||
| CVE-2022-24466 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-05-26 | 2.3 LOW | 4.1 MEDIUM |
| Windows Hyper-V Security Feature Bypass Vulnerability. | |||||
| CVE-2022-24537 | 1 Microsoft | 6 Windows 10, Windows 11, Windows Server and 3 more | 2022-05-26 | 6.9 MEDIUM | 7.8 HIGH |
| Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-22009, CVE-2022-23257. | |||||
| CVE-2021-44705 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-05-25 | 9.3 HIGH | 7.8 HIGH |
| Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-44707 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-05-25 | 9.3 HIGH | 7.8 HIGH |
| Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-3927 | 2 Changingtec, Microsoft | 2 Servisign, Windows | 2022-05-25 | 8.5 HIGH | 7.5 HIGH |
| An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter. | |||||
| CVE-2022-30055 | 2 Mersenne, Microsoft | 2 Prime95, Windows | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL |
| Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution. | |||||
| CVE-2022-22484 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect, Linux Kernel and 1 more | 2022-05-25 | 2.1 LOW | 5.5 MEDIUM |
| IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322. | |||||
| CVE-2022-29121 | 1 Microsoft | 11 Windows 10, Windows 11, Windows 7 and 8 more | 2022-05-25 | 3.3 LOW | 6.5 MEDIUM |
| Windows WLAN AutoConfig Service Denial of Service Vulnerability. | |||||
| CVE-2020-3766 | 2 Adobe, Microsoft | 2 Genuine Integrity Service, Windows | 2022-05-24 | 7.2 HIGH | 7.8 HIGH |
| Adobe Genuine Integrity Service versions Version 6.4 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2020-3926 | 2 Changingtec, Microsoft | 2 Servisign, Windows | 2022-05-24 | 7.8 HIGH | 7.5 HIGH |
| An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter. | |||||