Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Microsoft Subscribe
Filtered by product Windows
Total 6504 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-22229 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2023-02-24 N/A 7.8 HIGH
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-21576 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2023-02-24 N/A 7.8 HIGH
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-21575 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2023-02-24 N/A 7.8 HIGH
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-21577 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2023-02-24 N/A 5.5 MEDIUM
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-21578 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2023-02-24 N/A 5.5 MEDIUM
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-21574 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2023-02-24 N/A 7.8 HIGH
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-24483 2 Citrix, Microsoft 2 Virtual Apps And Desktops, Windows 2023-02-24 N/A 7.8 HIGH
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.
CVE-2023-23459 2 Microsoft, Priority-software 2 Windows, Priority 2023-02-24 N/A 9.8 CRITICAL
Priority Windows may allow Command Execution via SQL Injection using an unspecified method.
CVE-2022-0564 2 Microsoft, Qlik 2 Windows, Qlik Sense 2023-02-24 4.3 MEDIUM 5.3 MEDIUM
A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured.
CVE-2023-22368 2 Elecom, Microsoft 3 Camera Assistant, Quickfiledealer, Windows 2023-02-23 N/A 7.8 HIGH
Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2022-45454 2 Acronis, Microsoft 3 Agent, Cyber Protect, Windows 2023-02-22 N/A 7.5 HIGH
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984.
CVE-2022-45455 2 Acronis, Microsoft 4 Agent, Cyber Protect, Cyber Protect Home Office and 1 more 2023-02-22 N/A 7.8 HIGH
Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.
CVE-2021-37712 5 Debian, Microsoft, Npmjs and 2 more 5 Debian Linux, Windows, Tar and 2 more 2023-02-22 4.4 MEDIUM 8.6 HIGH
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with names containing unicode values that normalized to the same value. Additionally, on Windows systems, long path portions would resolve to the same file system entities as their 8.3 "short path" counterparts. A specially crafted tar archive could thus include a directory with one form of the path, followed by a symbolic link with a different string that resolves to the same file system entity, followed by a file using the first form. By first creating a directory, and then replacing that directory with a symlink that had a different apparent name that resolved to the same entry in the filesystem, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-qq89-hq3f-393p.
CVE-2021-44226 2 Microsoft, Razer 2 Windows, Synapse 2023-02-22 6.9 MEDIUM 7.3 HIGH
Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there.
CVE-2022-42292 2 Microsoft, Nvidia 2 Windows, Geforce Experience 2023-02-22 N/A 7.8 HIGH
NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering.
CVE-2022-42444 3 Ibm, Linux, Microsoft 4 Aix, App Connect Enterprise, Linux Kernel and 1 more 2023-02-21 N/A 6.5 MEDIUM
IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash. IBM X-Force ID: 238538.
CVE-2022-42436 4 Ibm, Linux, Microsoft and 1 more 7 Aix, I, Linux On Ibm Z and 4 more 2023-02-21 N/A 3.3 LOW
IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206.
CVE-2022-38777 2 Elastic, Microsoft 3 Endgame, Endpoint Security, Windows 2023-02-21 N/A 7.8 HIGH
An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.
CVE-2023-23475 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2023-02-18 N/A 4.6 MEDIUM
IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245423.
CVE-2022-35720 3 Ibm, Linux, Microsoft 6 Aix, Linux On Ibm Z, Sterling External Authentication Server and 3 more 2023-02-18 N/A 5.5 MEDIUM
IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.