Filtered by vendor Microsoft
Subscribe
Total
17397 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0193 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2023-03-16 | N/A | 4.4 MEDIUM |
NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information disclosure. | |||||
CVE-2023-24921 | 1 Microsoft | 1 Dynamics 365 | 2023-03-16 | N/A | 5.4 MEDIUM |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
CVE-2023-24919 | 1 Microsoft | 1 Dynamics 365 | 2023-03-16 | N/A | 5.4 MEDIUM |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
CVE-2023-24920 | 1 Microsoft | 1 Dynamics 365 | 2023-03-16 | N/A | 5.4 MEDIUM |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
CVE-2023-24891 | 1 Microsoft | 1 Dynamics 365 | 2023-03-16 | N/A | 5.4 MEDIUM |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
CVE-2023-25148 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-03-16 | N/A | 7.8 HIGH |
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2023-25147 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-03-16 | N/A | 6.7 MEDIUM |
An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this. | |||||
CVE-2023-25146 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-03-16 | N/A | 7.8 HIGH |
A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2023-25145 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-03-16 | N/A | 7.8 HIGH |
A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2023-25144 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-03-16 | N/A | 7.8 HIGH |
An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership. | |||||
CVE-2023-25143 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-03-15 | N/A | 9.8 CRITICAL |
An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products. | |||||
CVE-2023-21801 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2023-03-14 | N/A | 7.8 HIGH |
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | |||||
CVE-2023-21721 | 1 Microsoft | 1 Onenote | 2023-03-14 | N/A | 6.5 MEDIUM |
Microsoft OneNote Elevation of Privilege Vulnerability | |||||
CVE-2023-21693 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2023-03-14 | N/A | 5.7 MEDIUM |
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | |||||
CVE-2023-21684 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2023-03-14 | N/A | 8.8 HIGH |
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | |||||
CVE-2022-33644 | 1 Microsoft | 1 Windows 10 | 2023-03-14 | 4.4 MEDIUM | 7.0 HIGH |
Xbox Live Save Service Elevation of Privilege Vulnerability | |||||
CVE-2022-33632 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2023-03-14 | 4.6 MEDIUM | 4.7 MEDIUM |
Microsoft Office Security Feature Bypass Vulnerability | |||||
CVE-2023-23939 | 1 Microsoft | 1 Azure Setup Kubectl | 2023-03-13 | N/A | 7.0 HIGH |
Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This Kubectl tool installer runs `fs.chmodSync(kubectlPath, 777)` to set permissions on the Kubectl binary, however, this allows any local user to replace the Kubectl binary. This allows privilege escalation to the user that can also run kubectl, most likely root. This attack is only possible if an attacker somehow breached the GitHub actions runner or if a user is utilizing an Action that maliciously executes this attack. This has been fixed and released in all versions `v3` and later. 775 permissions are used instead. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
CVE-2023-1186 | 2 Fabulatech, Microsoft | 2 Webcam For Remote Desktop, Windows | 2023-03-10 | N/A | 5.5 MEDIUM |
A vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This vulnerability affects unknown code in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-222358 is the identifier assigned to this vulnerability. | |||||
CVE-2023-1187 | 2 Fabulatech, Microsoft | 2 Webcam For Remote Desktop, Windows | 2023-03-10 | N/A | 5.5 MEDIUM |
A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This issue affects some unknown processing in the library ftwebcam.sys of the component Global Variable Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222359. |