Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
7334 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-4594 | 2 Microsoft, Seattlelab | 2 Windows, Slmail | 2023-11-29 | 5.4 Medium |
Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file. | ||||
CVE-2023-4595 | 2 Microsoft, Seattlelab | 2 Windows, Slmail | 2023-11-29 | 6.5 Medium |
An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end of the URL: %00 %0a, %20, %2a, %a0, %aa, %c0 and %ca. | ||||
CVE-2023-40363 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-11-29 | 6.5 Medium |
IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. IBM X-Force ID: 263332. | ||||
CVE-2023-39246 | 2 Dell, Microsoft | 4 Encryption, Endpoint Security Suite Enterprise, Security Management Server and 1 more | 2023-11-29 | 7.3 High |
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation | ||||
CVE-2023-46814 | 2 Microsoft, Videolan | 2 Windows, Vlc Media Player | 2023-11-29 | 7.8 High |
A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM. | ||||
CVE-2023-0140 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-11-25 | 6.5 Medium |
Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low) | ||||
CVE-2023-0139 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-11-25 | 6.5 Medium |
Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low) | ||||
CVE-2023-0132 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-11-25 | 6.5 Medium |
Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2022-4439 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-11-25 | 8.8 High |
Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High) | ||||
CVE-2022-4187 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-11-25 | 6.5 Medium |
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2023-44326 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2023-11-23 | 5.5 Medium |
Adobe Dimension versions 3.4.9 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2023-38043 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2023-11-23 | 7.8 High |
A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system. | ||||
CVE-2021-21682 | 2 Jenkins, Microsoft | 2 Jenkins, Windows | 2023-11-22 | 4.3 Medium |
Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows. | ||||
CVE-2021-21683 | 2 Jenkins, Microsoft | 2 Jenkins, Windows | 2023-11-22 | 6.5 Medium |
The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows agents) to obtain the contents of arbitrary files. | ||||
CVE-2023-25071 | 2 Intel, Microsoft | 3 Arc A Graphics, Iris Xe Graphics, Windows | 2023-11-22 | 5.5 Medium |
NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows Drviers before version 31.0.101.4255 may allow authenticated user to potentially enable denial of service via local access. | ||||
CVE-2023-47066 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2023-11-22 | 7.8 High |
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2023-47067 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2023-11-22 | 7.8 High |
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2023-47068 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2023-11-22 | 7.8 High |
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2023-47069 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2023-11-22 | 7.8 High |
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2023-47070 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2023-11-22 | 7.8 High |
Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |