Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Microsoft Subscribe
Filtered by product Windows
Total 6504 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-24671 2 Microsoft, Vxsearch 2 Windows, Vx Search 2023-03-22 N/A 7.8 HIGH
VX Search v13.8 and v14.7 was discovered to contain an unquoted service path vulnerability which allows attackers to execute arbitrary commands at elevated privileges via a crafted executable file.
CVE-2023-27875 3 Ibm, Linux, Microsoft 3 Aspera Faspex, Linux Kernel, Windows 2023-03-21 N/A 7.5 HIGH
IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847.
CVE-2022-46763 2 Microsoft, Trueconf 2 Windows, Server 2023-03-21 N/A 8.8 HIGH
A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code.
CVE-2023-0193 3 Linux, Microsoft, Nvidia 3 Linux Kernel, Windows, Cuda Toolkit 2023-03-16 N/A 4.4 MEDIUM
NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information disclosure.
CVE-2023-25148 2 Microsoft, Trendmicro 2 Windows, Apex One 2023-03-16 N/A 7.8 HIGH
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2023-25147 2 Microsoft, Trendmicro 2 Windows, Apex One 2023-03-16 N/A 6.7 MEDIUM
An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this.
CVE-2023-25146 2 Microsoft, Trendmicro 2 Windows, Apex One 2023-03-16 N/A 7.8 HIGH
A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2023-25145 2 Microsoft, Trendmicro 2 Windows, Apex One 2023-03-16 N/A 7.8 HIGH
A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2023-25144 2 Microsoft, Trendmicro 2 Windows, Apex One 2023-03-16 N/A 7.8 HIGH
An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership.
CVE-2023-25143 2 Microsoft, Trendmicro 2 Windows, Apex One 2023-03-15 N/A 9.8 CRITICAL
An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products.
CVE-2023-1186 2 Fabulatech, Microsoft 2 Webcam For Remote Desktop, Windows 2023-03-10 N/A 5.5 MEDIUM
A vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This vulnerability affects unknown code in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-222358 is the identifier assigned to this vulnerability.
CVE-2023-1187 2 Fabulatech, Microsoft 2 Webcam For Remote Desktop, Windows 2023-03-10 N/A 5.5 MEDIUM
A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This issue affects some unknown processing in the library ftwebcam.sys of the component Global Variable Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222359.
CVE-2023-1188 2 Fabulatech, Microsoft 2 Webcam For Remote Desktop, Windows 2023-03-10 N/A 5.5 MEDIUM
A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42. It has been classified as problematic. Affected is an unknown function in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222360.
CVE-2023-1217 2 Google, Microsoft 2 Chrome, Windows 2023-03-10 N/A 6.5 MEDIUM
Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
CVE-2023-0196 3 Linux, Microsoft, Nvidia 3 Linux Kernel, Windows, Cuda Toolkit 2023-03-10 N/A 3.3 LOW
NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local user running the tool against an ill-formed binary may cause a null- pointer dereference, which may result in a limited denial of service.
CVE-2022-41722 2 Golang, Microsoft 2 Go, Windows 2023-03-10 N/A 7.5 HIGH
A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".
CVE-2023-26281 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Http Server and 4 more 2023-03-09 N/A 7.5 HIGH
IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296.
CVE-2022-3884 2 Hitachi, Microsoft 2 Ops Center Analyzer, Windows 2023-03-08 N/A 7.1 HIGH
Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01.
CVE-2023-1048 2 Microsoft, Techpowerup 2 Windows, Dram Calculator For Ryzen 2023-03-07 N/A 7.8 HIGH
A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5. This issue affects some unknown processing in the library WinRing0x64.sys. The manipulation leads to improper initialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221807.
CVE-2022-27808 2 Intel, Microsoft 2 Administrative Tools For Intel Network Adapters, Windows 2023-03-06 N/A 7.8 HIGH
Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.