Filtered by vendor Microsoft
Subscribe
Total
17397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26414 | 1 Microsoft | 10 Windows 10, Windows 7, Windows 8.1 and 7 more | 2022-09-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Windows DCOM Server Security Feature Bypass | |||||
| CVE-2022-30129 | 1 Microsoft | 1 Visual Studio Code | 2022-09-09 | 6.8 MEDIUM | 8.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability. | |||||
| CVE-2022-37771 | 2 Iobit, Microsoft | 2 Malware Fighter, Windows | 2022-09-09 | N/A | 6.7 MEDIUM |
| IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable. | |||||
| CVE-2022-26612 | 2 Apache, Microsoft | 2 Hadoop, Windows | 2022-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3 | |||||
| CVE-2022-22516 | 2 Codesys, Microsoft | 5 Control Rte Sl, Control Rte Sl \(for Beckhoff Cx\), Control Win Sl and 2 more | 2022-09-09 | 7.2 HIGH | 7.8 HIGH |
| The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space. | |||||
| CVE-2022-28199 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Data Plane Development Kit | 2022-09-07 | N/A | 6.5 MEDIUM |
| NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality. | |||||
| CVE-2022-37173 | 2 Microsoft, Vim | 2 Windows, Gvim | 2022-09-06 | N/A | 7.8 HIGH |
| An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe. | |||||
| CVE-2022-36564 | 2 Microsoft, Strawberryperl | 2 Windows, Strawberryperl | 2022-09-06 | N/A | 8.8 HIGH |
| Incorrect access control in the install directory (C:\Strawberry) of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | |||||
| CVE-2022-21815 | 2 Microsoft, Nvidia | 10 Windows, Cloud Gaming Guest, Geforce and 7 more | 2022-09-02 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash. | |||||
| CVE-2022-26488 | 3 Microsoft, Netapp, Python | 4 Windows, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 1 more | 2022-09-02 | 4.4 MEDIUM | 7.0 HIGH |
| In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2. | |||||
| CVE-2022-25641 | 2 Foxit, Microsoft | 4 Pdf Editor, Pdf Reader, Phantompdf and 1 more | 2022-09-02 | N/A | 5.5 MEDIUM |
| Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack. | |||||
| CVE-2020-1456 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2022-09-02 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1450, CVE-2020-1451. | |||||
| CVE-2021-40326 | 2 Foxit, Microsoft | 4 Pdf Editor, Pdf Reader, Phantompdf and 1 more | 2022-09-02 | N/A | 5.5 MEDIUM |
| Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification. | |||||
| CVE-2021-41782 | 2 Foxit, Microsoft | 4 Pdf Editor, Pdf Reader, Phantompdf and 1 more | 2022-09-02 | N/A | 7.8 HIGH |
| Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. | |||||
| CVE-2021-41781 | 2 Foxit, Microsoft | 4 Pdf Editor, Pdf Reader, Phantompdf and 1 more | 2022-09-02 | N/A | 7.8 HIGH |
| Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. | |||||
| CVE-2021-41780 | 2 Foxit, Microsoft | 4 Pdf Editor, Pdf Reader, Phantompdf and 1 more | 2022-09-02 | N/A | 7.8 HIGH |
| Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. | |||||
| CVE-2021-41785 | 2 Foxit, Microsoft | 4 Pdf Editor, Pdf Reader, Phantompdf and 1 more | 2022-09-02 | N/A | 7.8 HIGH |
| Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. | |||||
| CVE-2021-41783 | 2 Foxit, Microsoft | 4 Pdf Editor, Pdf Reader, Phantompdf and 1 more | 2022-09-02 | N/A | 7.8 HIGH |
| Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. | |||||
| CVE-2021-41784 | 2 Foxit, Microsoft | 4 Pdf Editor, Pdf Reader, Phantompdf and 1 more | 2022-09-02 | N/A | 7.8 HIGH |
| Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. | |||||
| CVE-2022-34303 | 3 Eurosoft-uk, Microsoft, Redhat | 10 Uefi Bootloader, Windows 10, Windows 11 and 7 more | 2022-09-01 | N/A | 6.7 MEDIUM |
| A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | |||||