Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Microsoft Subscribe
Filtered by product Windows
Total 6504 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-34849 2 Intel, Microsoft 2 Iris Xe Max Dedicated Graphics, Windows 2023-03-06 N/A 4.4 MEDIUM
Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1436(v2) may allow a privileged user to potentially enable denial of service via local access.
CVE-2022-30531 2 Intel, Microsoft 2 Iris Xe Max Dedicated Graphics, Windows 2023-03-06 N/A 5.5 MEDIUM
Out-of-bounds read in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1474 may allow a privileged user to potentially enable information disclosure via local access.
CVE-2018-6661 2 Mcafee, Microsoft 2 True Key, Windows 2023-03-03 6.8 MEDIUM 7.8 HIGH
DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.
CVE-2018-6683 2 Mcafee, Microsoft 2 Data Loss Prevention Endpoint, Windows 2023-03-03 4.6 MEDIUM 7.4 HIGH
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline.
CVE-2019-4102 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2023-03-03 4.3 MEDIUM 5.9 MEDIUM
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092.
CVE-2019-4322 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2023-03-03 7.2 HIGH 7.8 HIGH
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202.
CVE-2019-4386 4 Ibm, Linux, Microsoft and 1 more 5 Aix, Db2, Linux Kernel and 2 more 2023-03-03 4.0 MEDIUM 6.5 MEDIUM
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714.
CVE-2023-1004 2 Marktext, Microsoft 2 Marktext, Windows 2023-03-03 N/A 7.8 HIGH
A vulnerability has been found in MarkText up to 0.17.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability.
CVE-2023-20858 2 Microsoft, Vmware 2 Windows, Carbon Black App Control 2023-03-03 N/A 7.2 HIGH
VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.
CVE-2022-43578 3 Ibm, Linux, Microsoft 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more 2023-03-02 N/A 5.4 MEDIUM
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238683.
CVE-2022-26841 3 Intel, Linux, Microsoft 3 Sgx Sdk, Linux Kernel, Windows 2023-03-02 N/A 5.5 MEDIUM
Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2.16.100.1 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-22236 3 Adobe, Apple, Microsoft 3 Animate, Macos, Windows 2023-03-02 N/A 7.8 HIGH
Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-22234 2 Adobe, Microsoft 2 Premiere Rush, Windows 2023-03-02 N/A 7.8 HIGH
Adobe Premiere Rush version 2.6 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2019-14211 2 Foxitsoftware, Microsoft 2 Phantompdf, Windows 2023-03-02 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the lack of proper validation of the existence of an object prior to performing operations on that object when executing JavaScript.
CVE-2023-25928 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2023-03-02 N/A 5.4 MEDIUM
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247646.
CVE-2023-21622 2 Adobe, Microsoft 2 Framemaker, Windows 2023-03-01 N/A 7.8 HIGH
FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-21621 2 Adobe, Microsoft 2 Framemaker, Windows 2023-03-01 N/A 7.8 HIGH
FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-21620 2 Adobe, Microsoft 2 Framemaker, Windows 2023-03-01 N/A 5.5 MEDIUM
FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-21619 2 Adobe, Microsoft 2 Framemaker, Windows 2023-03-01 N/A 7.8 HIGH
FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-21584 2 Adobe, Microsoft 2 Framemaker, Windows 2023-03-01 N/A 5.5 MEDIUM
FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.