Filtered by vendor Microsoft
Subscribe
Total
17397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21105 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2022-10-07 | 9.3 HIGH | 8.8 HIGH |
| Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-21104 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2022-10-07 | 9.3 HIGH | 8.8 HIGH |
| Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-34709 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-10-07 | N/A | 6.0 MEDIUM |
| Windows Defender Credential Guard Security Feature Bypass Vulnerability. | |||||
| CVE-2022-29148 | 1 Microsoft | 1 Visual Studio 2017 | 2022-10-07 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Remote Code Execution Vulnerability. | |||||
| CVE-2022-26925 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-10-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| Windows LSA Spoofing Vulnerability. | |||||
| CVE-2022-24545 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-10-07 | 5.1 MEDIUM | 8.1 HIGH |
| Windows Kerberos Remote Code Execution Vulnerability. | |||||
| CVE-2020-35753 | 3 Linux, Microsoft, Persis | 3 Linux Kernel, Windows, Human Resource Management Portal | 2022-10-06 | 2.6 LOW | 6.1 MEDIUM |
| The job posting recommendation form in Persis Human Resource Management Portal (Versions 17.2.00 through 17.2.35 and 19.0.00 through 19.0.20), when the "Recommend job posting" function is enabled, allows XSS via the SENDER parameter. | |||||
| CVE-2022-35899 | 2 Asus, Microsoft | 2 Aura Ready Game Software Development Kit, Windows | 2022-10-06 | N/A | 7.8 HIGH |
| There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file. | |||||
| CVE-2022-29145 | 2 Fedoraproject, Microsoft | 5 Fedora, .net, .net Core and 2 more | 2022-10-06 | 5.0 MEDIUM | 7.5 HIGH |
| .NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29117. | |||||
| CVE-2021-21912 | 2 Advantech, Microsoft | 2 R-seenet, Windows | 2022-10-05 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-29109 | 1 Microsoft | 3 365 Apps, Office, Office Online Server | 2022-10-05 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-29110. | |||||
| CVE-2020-20907 | 2 Metinfo, Microsoft | 2 Metinfo, Windows | 2022-10-05 | 6.4 MEDIUM | 9.1 CRITICAL |
| MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/language_general.class.php and app/system/include/function/file.func.php. | |||||
| CVE-2022-29110 | 1 Microsoft | 2 Excel, Office Web Apps Server | 2022-10-05 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-29109. | |||||
| CVE-2022-30184 | 3 Apple, Fedoraproject, Microsoft | 7 Macos, Fedora, .net and 4 more | 2022-10-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| .NET and Visual Studio Information Disclosure Vulnerability. | |||||
| CVE-2022-30165 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| Windows Kerberos Elevation of Privilege Vulnerability. | |||||
| CVE-2011-4371 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Reader, Macos and 1 more | 2022-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
| CVE-2011-4370 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Reader, Macos and 1 more | 2022-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373. | |||||
| CVE-2022-2778 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2022-10-04 | N/A | 9.8 CRITICAL |
| In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. | |||||
| CVE-2018-8409 | 1 Microsoft | 3 .net Core, Asp.net Core, System.io.pipelines | 2022-10-04 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1. | |||||
| CVE-2022-41975 | 2 Microsoft, Realvnc | 3 Windows, Vnc Server, Vnc Viewer | 2022-10-04 | N/A | 7.8 HIGH |
| RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode. | |||||