Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
7334 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1186 | 2 Fabulatech, Microsoft | 2 Webcam For Remote Desktop, Windows | 2024-05-17 | 5.5 Medium |
| A vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This vulnerability affects the function 0x222010/0x222018 in the library ftwebcam.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-222358 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-1048 | 2 Microsoft, Techpowerup | 2 Windows, Dram Calculator For Ryzen | 2024-05-17 | 7.8 High |
| A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5. This issue affects some unknown processing in the library WinRing0x64.sys. The manipulation leads to improper initialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221807. | ||||
| CVE-2023-1004 | 2 Marktext, Microsoft | 2 Marktext, Windows | 2024-05-17 | 7.8 High |
| A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability. | ||||
| CVE-2023-1003 | 2 Microsoft, Typora | 2 Windows, Typora | 2024-05-17 | 7.8 High |
| A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.8 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221736. | ||||
| CVE-2022-3734 | 2 Microsoft, Redis | 2 Windows, Redis | 2024-05-17 | 9.8 Critical |
| A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-212416. NOTE: The official Redis release is not affected. This issue might affect an unofficial fork or port on Windows only. | ||||
| CVE-2022-29583 | 2 Microsoft, Service Project | 2 Windows, Service | 2024-05-17 | 7.8 High |
| service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory. NOTE: this finding could not be reproduced by its original reporter or by others. | ||||
| CVE-2022-29072 | 2 7-zip, Microsoft | 2 7-zip, Windows | 2024-05-17 | 7.8 High |
| 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process. NOTE: multiple third parties have reported that no privilege escalation can occur | ||||
| CVE-2020-18171 | 2 Microsoft, Techsmith | 2 Windows, Snagit | 2024-05-17 | 8.8 High |
| TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference document for more details | ||||
| CVE-2020-18169 | 2 Microsoft, Techsmith | 2 Windows, Snagit | 2024-05-17 | 7.8 High |
| A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details | ||||
| CVE-2019-13404 | 2 Microsoft, Python | 2 Windows, Python | 2024-05-17 | N/A |
| The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.) NOTE: the vendor's position is that it is the user's responsibility to ensure C:\Python27 access control or choose a different directory, because backwards compatibility requires that C:\Python27 remain the default for 2.7.x | ||||
| CVE-2011-3640 | 3 Apple, Google, Microsoft | 3 Macos, Chrome, Windows | 2024-05-17 | N/A |
| Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug." | ||||
| CVE-2023-29165 | 2 Intel, Microsoft | 3 Arc A Graphics, Iris Xe Graphics, Windows | 2024-05-16 | 7.3 High |
| Unquoted search path or element in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-27305 | 2 Intel, Microsoft | 3 Arc A Graphics, Iris Xe Graphics, Windows | 2024-05-16 | 7.8 High |
| Incorrect default permissions in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-25952 | 2 Intel, Microsoft | 3 Arc A Graphics, Iris Xe Graphics, Windows | 2024-05-16 | 5.5 Medium |
| Out-of-bounds write in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-47039 | 2 Microsoft, Perl | 2 Windows, Perl | 2024-03-28 | 7.8 High |
| A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations. | ||||
| CVE-2021-29725 | 4 Ibm, Linux, Microsoft and 1 more | 6 Aix, Secure External Authentication Server, Sterling Secure Proxy and 3 more | 2024-03-19 | 7.5 High |
| IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. | ||||
| CVE-2024-27265 | 3 Ibm, Linux, Microsoft | 4 Integration Bus, Z\/os, Linux Kernel and 1 more | 2024-03-19 | 6.5 Medium |
| IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564. | ||||
| CVE-2023-41748 | 2 Acronis, Microsoft | 2 Cloud Manager, Windows | 2024-03-18 | 9.8 Critical |
| Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | ||||
| CVE-2023-41747 | 2 Acronis, Microsoft | 2 Cloud Manager, Windows | 2024-03-18 | 7.5 High |
| Sensitive information disclosure due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | ||||
| CVE-2023-41746 | 2 Acronis, Microsoft | 2 Cloud Manager, Windows | 2024-03-18 | 9.8 Critical |
| Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | ||||