Filtered by vendor Microsoft
Subscribe
Total
17397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3900 | 1 Microsoft | 13 Windows 10, Windows 11, Windows 7 and 10 more | 2022-11-02 | 7.6 HIGH | N/A |
| The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability." | |||||
| CVE-2022-38436 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2022-10-31 | N/A | 7.8 HIGH |
| Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-38435 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2022-10-31 | N/A | 7.8 HIGH |
| Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-0799 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2022-10-27 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file. | |||||
| CVE-2022-0796 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2022-10-27 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-0797 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2022-10-27 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | |||||
| CVE-2022-0798 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2022-10-27 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. | |||||
| CVE-2022-2622 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2022-10-27 | N/A | 6.5 MEDIUM |
| Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. | |||||
| CVE-2021-35245 | 2 Microsoft, Solarwinds | 2 Windows, Serv-u | 2022-10-27 | 6.8 MEDIUM | 6.8 MEDIUM |
| When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine. | |||||
| CVE-2022-30155 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-27 | 7.1 HIGH | 5.5 MEDIUM |
| Windows Kernel Denial of Service Vulnerability. | |||||
| CVE-2022-30166 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-27 | 4.6 MEDIUM | 7.8 HIGH |
| Local Security Authority Subsystem Service Elevation of Privilege Vulnerability. | |||||
| CVE-2022-34711 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-10-27 | N/A | 7.8 HIGH |
| Windows Defender Credential Guard Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-34705, CVE-2022-35771. | |||||
| CVE-2022-35822 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-10-27 | N/A | 7.1 HIGH |
| Windows Defender Credential Guard Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-34709. | |||||
| CVE-2021-3626 | 2 Canonical, Microsoft | 2 Multipass, Windows | 2022-10-27 | 4.6 MEDIUM | 8.8 HIGH |
| The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation. | |||||
| CVE-2021-35995 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2022-10-27 | 4.3 MEDIUM | 3.3 LOW |
| Adobe After Effects version 18.2.1 (and earlier) is affected by an Improper input validation vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-35213 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2022-10-27 | 9.0 HIGH | 8.8 HIGH |
| An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the vulnerability. | |||||
| CVE-2021-35221 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2022-10-27 | 5.5 MEDIUM | 8.1 HIGH |
| Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. | |||||
| CVE-2021-36006 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2022-10-27 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Photoshop versions 21.2.9 (and earlier) and 22.4.2 (and earlier) are affected by an Improper input validation vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-37705 | 1 Microsoft | 1 Onefuzz | 2022-10-27 | 6.8 MEDIUM | 10.0 CRITICAL |
| OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a OneFuzz deployment must be both version 2.12.0 or greater and deployed with the non-default --multi_tenant_domain option. This can result in read/write access to private data such as software vulnerability and crash information, security testing tools and proprietary code and symbols. Via authorized API calls, this also enables tampering with existing data and unauthorized code execution on Azure compute resources. This issue is resolved starting in release 2.31.0, via the addition of application-level check of the bearer token's `issuer` against an administrator-configured allowlist. As a workaround users can restrict access to the tenant of a deployed OneFuzz instance < 2.31.0 by redeploying in the default configuration, which omits the `--multi_tenant_domain` option. | |||||
| CVE-2022-26909 | 1 Microsoft | 1 Edge Chromium | 2022-10-26 | 5.1 MEDIUM | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26912. | |||||