Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
10229 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-35899 | 2 Asus, Microsoft | 2 Aura Ready Game Software Development Kit, Windows | 2024-11-21 | 7.8 High |
| There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file. | ||||
| CVE-2022-35672 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 7.8 High |
| Adobe Acrobat Reader version 22.001.20085 (and earlier), 20.005.30314 (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-35637 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-11-21 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823. | ||||
| CVE-2022-35280 | 2 Ibm, Microsoft | 2 Robotic Process Automation For Cloud Pak, Windows | 2024-11-21 | 9.8 Critical |
| IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634. | ||||
| CVE-2022-35234 | 2 Microsoft, Trendmicro | 2 Windows, Security | 2024-11-21 | 7.1 High |
| Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. | ||||
| CVE-2022-35219 | 2 Microsoft, Nhi | 2 Windows, Health Insurance Web Service Component | 2024-11-21 | 5.5 Medium |
| The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet key parameter. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service. | ||||
| CVE-2022-35218 | 2 Microsoft, Nhi | 2 Windows, Health Insurance Web Service Component | 2024-11-21 | 5.5 Medium |
| The NHI card’s web service component has a heap-based buffer overflow vulnerability due to insufficient validation for packet origin parameter length. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service. | ||||
| CVE-2022-35217 | 2 Microsoft, Nhi | 2 Windows, Health Insurance Web Service Component | 2024-11-21 | 7.8 High |
| The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A local area network attacker with general user privilege can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service. | ||||
| CVE-2022-34893 | 2 Microsoft, Trendmicro | 2 Windows, Security | 2024-11-21 | 7.8 High |
| Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with lower privileges could manipulate a mountpoint which could lead to escalation of privilege on an affected machine. | ||||
| CVE-2022-34874 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2024-11-21 | 3.3 Low |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17474. | ||||
| CVE-2022-34873 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2024-11-21 | 3.3 Low |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16777. | ||||
| CVE-2022-34336 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 5.4 Medium |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229714. | ||||
| CVE-2022-34165 | 6 Apple, Hp, Ibm and 3 more | 9 Macos, Hp-ux, Aix and 6 more | 2024-11-21 | 5.4 Medium |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429. | ||||
| CVE-2022-34009 | 2 Fossil-scm, Microsoft | 2 Fossil, Windows | 2024-11-21 | 5.5 Medium |
| Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the ticket data is stored in a temporary file, and the product does not properly handle the absence of this file after Windows Defender has flagged it as malware. | ||||
| CVE-2022-33158 | 2 Microsoft, Trendmicro | 2 Windows, Vpn Proxy One Pro | 2024-11-21 | 7.8 High |
| Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system. | ||||
| CVE-2022-33127 | 2 Diffy Project, Microsoft | 2 Diffy, Windows | 2024-11-21 | 9.8 Critical |
| The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string. | ||||
| CVE-2022-31676 | 7 Debian, Fedoraproject, Linux and 4 more | 9 Debian Linux, Fedora, Linux Kernel and 6 more | 2024-11-21 | 7.8 High |
| VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. | ||||
| CVE-2022-31665 | 3 Linux, Microsoft, Vmware | 5 Linux Kernel, Windows, Identity Manager and 2 more | 2024-11-21 | 7.2 High |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. | ||||
| CVE-2022-31664 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-11-21 | 7.8 High |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. | ||||
| CVE-2022-31663 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-11-21 | 6.1 Medium |
| VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window. | ||||