Filtered by vendor Microsoft
Subscribe
Total
17397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23190 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2022-02-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23195 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2022-02-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23196 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2022-02-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23204 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2022-02-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Premiere Rush versions 2.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23200 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2022-02-24 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe After Effects versions 22.1.1 (and earlier) and 18.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23199 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2022-02-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23198 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2022-02-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23197 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2022-02-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23189 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2022-02-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-42713 | 2 Microsoft, Splashtop | 2 Windows, Splashtop | 2022-02-23 | 7.2 HIGH | 7.8 HIGH |
| Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a Temporary File in a Directory with Insecure Permissions. | |||||
| CVE-2021-42714 | 2 Microsoft, Splashtop | 2 Windows, Splashtop | 2022-02-23 | 7.2 HIGH | 7.8 HIGH |
| Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions. | |||||
| CVE-2022-23188 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2022-02-23 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a buffer overflow vulnerability due to insecure handling of a crafted malicious file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted malicious file in Illustrator. | |||||
| CVE-2022-23186 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2022-02-23 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2019-16864 | 2 Enterprisedt, Microsoft | 2 Completeftp Server, Windows | 2022-02-23 | 8.5 HIGH | 8.8 HIGH |
| CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. The exec command is always run as SYSTEM. | |||||
| CVE-2022-0483 | 2 Acronis, Microsoft | 2 Vss Doctor, Windows | 2022-02-22 | 4.6 MEDIUM | 7.8 HIGH |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53 | |||||
| CVE-2007-2161 | 1 Microsoft | 1 Internet Explorer | 2022-02-18 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. | |||||
| CVE-2010-3886 | 1 Microsoft | 1 Internet Explorer | 2022-02-18 | 4.3 MEDIUM | N/A |
| The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application. | |||||
| CVE-2021-37980 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2022-02-18 | 4.3 MEDIUM | 7.4 HIGH |
| Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. | |||||
| CVE-2016-2408 | 2 Microsoft, Pulsesecure | 5 Windows, Odyssey Access Client, Pulse Secure Desktop and 2 more | 2022-02-18 | 7.2 HIGH | 7.8 HIGH |
| Pulse Secure Desktop before 5.2R2 and Pulse Secure Installer Service before 8.2R2 and below for Windows allow restricted users to gain privileges via unspecified vectors. | |||||
| CVE-2022-0021 | 2 Microsoft, Paloaltonetworks | 2 Windows, Globalprotect | 2022-02-17 | 1.9 LOW | 5.5 MEDIUM |
| An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms. | |||||