Filtered by vendor Microsoft
Subscribe
Total
17397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41156 | 2 Etm-s, Microsoft | 2 Ondiskplayeragent, Windows | 2022-12-01 | N/A | 7.8 HIGH |
| Remote code execution vulnerability due to insufficient verification of URLs, etc. in OndiskPlayerAgent. A remote attacker could exploit the vulnerability to cause remote code execution by causing an arbitrary user to download and execute malicious code. | |||||
| CVE-2022-41157 | 2 Microsoft, Webcash | 2 Windows, Serp Server 2.0 | 2022-12-01 | N/A | 9.8 CRITICAL |
| A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the SYSTEM authority. This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands. | |||||
| CVE-2022-41924 | 2 Microsoft, Tailscale | 2 Windows, Tailscale | 2022-12-01 | N/A | 9.6 CRITICAL |
| A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows client GUI in cleartext with no Host header verification. This allowed an attacker-controlled website visited by the node to rebind DNS to an attacker-controlled DNS server, and then make local API requests in the client, including changing the coordination server to an attacker-controlled coordination server. An attacker-controlled coordination server can send malicious URL responses to the client, including pushing executables or installing an SMB share. These allow the attacker to remotely execute code on the node. All Windows clients prior to version v.1.32.3 are affected. If you are running Tailscale on Windows, upgrade to v1.32.3 or later to remediate the issue. | |||||
| CVE-2022-38166 | 3 Apple, F-secure, Microsoft | 3 Macos, Elements Endpoint Protection, Windows | 2022-11-30 | N/A | 7.5 HIGH |
| In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service. | |||||
| CVE-2022-4135 | 2 Google, Microsoft | 3 Chrome, Edge, Edge Chromium | 2022-11-29 | N/A | 9.6 CRITICAL |
| Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2011-3389 | 9 Canonical, Debian, Google and 6 more | 17 Ubuntu Linux, Debian Linux, Chrome and 14 more | 2022-11-29 | 4.3 MEDIUM | N/A |
| The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | |||||
| CVE-2022-31613 | 2 Microsoft, Nvidia | 7 Windows, Cloud Gaming Guest, Geforce and 4 more | 2022-11-29 | N/A | 6.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any local user can cause a null-pointer dereference, which may lead to a kernel panic. | |||||
| CVE-2022-31610 | 2 Microsoft, Nvidia | 7 Windows, Cloud Gaming Guest, Geforce and 4 more | 2022-11-29 | N/A | 7.8 HIGH |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | |||||
| CVE-2022-34667 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2022-11-29 | N/A | 4.4 MEDIUM |
| NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local user to download a specially crafted corrupted file and execute cuobjdump against it locally, which may lead to a limited denial of service and some loss of data integrity for the local user. | |||||
| CVE-2022-34665 | 3 Linux, Microsoft, Nvidia | 8 Linux Kernel, Windows, Cloud Gaming Guest and 5 more | 2022-11-29 | N/A | 6.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | |||||
| CVE-2022-31617 | 2 Microsoft, Nvidia | 7 Windows, Cloud Gaming Guest, Geforce and 4 more | 2022-11-29 | N/A | 7.8 HIGH |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | |||||
| CVE-2022-31616 | 2 Microsoft, Nvidia | 7 Windows, Cloud Gaming Guest, Geforce and 4 more | 2022-11-29 | N/A | 7.1 HIGH |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure. | |||||
| CVE-2022-41064 | 1 Microsoft | 12 .net Framework, Nuget, Windows 10 and 9 more | 2022-11-29 | N/A | 5.8 MEDIUM |
| .NET Framework Information Disclosure Vulnerability. | |||||
| CVE-2022-31612 | 2 Microsoft, Nvidia | 7 Windows, Cloud Gaming Guest, Geforce and 4 more | 2022-11-28 | N/A | 7.1 HIGH |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information. | |||||
| CVE-2022-31606 | 2 Microsoft, Nvidia | 7 Windows, Cloud Gaming Guest, Geforce and 4 more | 2022-11-28 | N/A | 7.8 HIGH |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering. | |||||
| CVE-2022-40746 | 2 Ibm, Microsoft | 2 I Access Client Solutions, Windows | 2022-11-23 | N/A | 6.7 MEDIUM |
| IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581. | |||||
| CVE-2020-0971 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2022-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0974. | |||||
| CVE-2018-8172 | 1 Microsoft | 3 Expression Blend, Visual Studio, Visual Studio 2017 | 2022-11-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4. | |||||
| CVE-2022-40752 | 3 Ibm, Linux, Microsoft | 5 Aix, Infosphere Information Server, Infosphere Information Server On Cloud and 2 more | 2022-11-20 | N/A | 9.8 CRITICAL |
| IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID: 236687. | |||||
| CVE-2013-0900 | 5 Apple, Debian, Google and 2 more | 5 Mac Os X, Debian Linux, Chrome and 2 more | 2022-11-18 | 6.8 MEDIUM | N/A |
| Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||