Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
7334 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-38213 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2023-08-14 | 5.5 Medium |
Adobe Dimension version 3.4.9 is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2023-20562 | 3 Amd, Linux, Microsoft | 3 Amd Uprof, Linux Kernel, Windows | 2023-08-14 | 7.8 High |
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. | ||||
CVE-2022-22528 | 2 Microsoft, Sap | 2 Windows, Adaptive Server Enterprise | 2023-08-14 | 7.8 High |
SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries. | ||||
CVE-2023-2313 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-08-10 | 8.8 High |
Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a malicious file. (Chromium security severity: High) | ||||
CVE-2023-39143 | 2 Microsoft, Papercut | 3 Windows, Papercut Mf, Papercut Ng | 2023-08-08 | 9.8 Critical |
PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration). | ||||
CVE-2023-32764 | 2 Fabasoft, Microsoft | 4 Cloud, Cloud Enterprise Client, Folio \/ Egov-suite and 1 more | 2023-08-08 | 7.8 High |
Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator. | ||||
CVE-2023-36858 | 3 Apple, F5, Microsoft | 4 Macos, Access Policy Manager Clients, Big-ip Access Policy Manager and 1 more | 2023-08-08 | 5.5 Medium |
An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2022-22454 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server On Cloud, Linux Kernel and 1 more | 2023-08-08 | 7.8 High |
IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | ||||
CVE-2021-38879 | 3 Ibm, Linux, Microsoft | 3 Jazz Team Server, Linux Kernel, Windows | 2023-08-08 | 5.3 Medium |
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057. | ||||
CVE-2022-28226 | 2 Microsoft, Yandex | 2 Windows, Yandex Browser | 2023-08-08 | 7.8 High |
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process. | ||||
CVE-2022-36263 | 2 Logitech, Microsoft | 2 Streamlabs Desktop, Windows | 2023-08-08 | 7.3 High |
StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file. | ||||
CVE-2022-22310 | 6 Apple, Hp, Ibm and 3 more | 9 Macos, Hp-ux, Aix and 6 more | 2023-08-08 | 6.5 Medium |
IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM X-Force ID: 217224. | ||||
CVE-2022-22319 | 2 Ibm, Microsoft | 3 Robotic Process Automation, Robotic Process Automation As A Service, Windows | 2023-08-08 | 5.4 Medium |
IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. IBM X-Force ID: 218366. | ||||
CVE-2022-22494 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect Operations Center, Linux Kernel and 1 more | 2023-08-08 | 5.3 Medium |
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940. | ||||
CVE-2022-22414 | 2 Ibm, Microsoft | 2 Robotic Process Automation, Windows | 2023-08-08 | 5.5 Medium |
IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service configuration credentials from system memory. IBM X-Force ID: 223026. | ||||
CVE-2022-0803 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2023-08-08 | 6.5 Medium |
Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
CVE-2022-1128 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-08-08 | 6.5 Medium |
Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page. | ||||
CVE-2022-41975 | 2 Microsoft, Realvnc | 3 Windows, Vnc Server, Vnc Viewer | 2023-08-08 | 7.8 High |
RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode. | ||||
CVE-2022-22373 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-08-08 | 5.4 Medium |
An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain non-sensitive debugging information like stack traces. IBM X-Force ID: 221323. | ||||
CVE-2022-40139 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-08-08 | 7.2 High |
Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability. |