Filtered by vendor Microsoft
Subscribe
Total
17397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2330 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2022-09-30 | N/A | 6.5 MEDIUM |
| Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly. | |||||
| CVE-2020-4588 | 2 Ibm, Microsoft | 2 I2 Ibase, Windows | 2022-09-30 | 6.8 MEDIUM | 7.8 HIGH |
| IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 184579. | |||||
| CVE-2022-37969 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2022-09-30 | N/A | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35803. | |||||
| CVE-2020-1027 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-09-30 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003. | |||||
| CVE-2022-38012 | 1 Microsoft | 1 Edge Chromium | 2022-09-29 | N/A | 7.7 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. | |||||
| CVE-2022-40082 | 2 Cloudwego, Microsoft | 2 Hertz, Windows | 2022-09-29 | N/A | 7.5 HIGH |
| Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function. | |||||
| CVE-2010-1281 | 3 Adobe, Apple, Microsoft | 3 Shockwave Player, Macos, Windows | 2022-09-29 | 9.3 HIGH | 8.8 HIGH |
| iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file. | |||||
| CVE-2022-0807 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2022-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2022-0803 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2022-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2022-0806 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2022-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-0802 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2022-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2022-0805 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2022-09-28 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. | |||||
| CVE-2022-0804 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2022-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2022-0791 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2022-09-28 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions. | |||||
| CVE-2022-22049 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-28 | 7.2 HIGH | 7.8 HIGH |
| Windows CSRSS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22026, CVE-2022-22047. | |||||
| CVE-2022-22026 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-09-28 | 7.2 HIGH | 8.8 HIGH |
| Windows CSRSS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22047, CVE-2022-22049. | |||||
| CVE-2020-4757 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2022-09-28 | 3.5 LOW | 6.4 MEDIUM |
| IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188600. | |||||
| CVE-2022-21906 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server and 1 more | 2022-09-27 | 2.1 LOW | 5.5 MEDIUM |
| Windows Defender Application Control Security Feature Bypass Vulnerability. | |||||
| CVE-2021-27271 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2022-09-27 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in an out-of-bounds read condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12438. | |||||
| CVE-2022-33642 | 1 Microsoft | 1 Azure Site Recovery Vmware To Azure | 2022-09-27 | 4.0 MEDIUM | 4.9 MEDIUM |
| Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30181, CVE-2022-33641, CVE-2022-33643, CVE-2022-33650, CVE-2022-33651, CVE-2022-33652, CVE-2022-33653, CVE-2022-33654, CVE-2022-33655, CVE-2022-33656, CVE-2022-33657, CVE-2022-33658, CVE-2022-33659, CVE-2022-33660, CVE-2022-33661, CVE-2022-33662, CVE-2022-33663, CVE-2022-33664, CVE-2022-33665, CVE-2022-33666, CVE-2022-33667, CVE-2022-33668, CVE-2022-33669, CVE-2022-33671, CVE-2022-33672, CVE-2022-33673, CVE-2022-33674, CVE-2022-33675, CVE-2022-33677. | |||||