Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
7545 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4258 | 2 Hima, Microsoft | 5 Hopcs, X-opc A\+e, X-opc Da and 2 more | 2024-08-03 | 7.8 High |
| In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system. | ||||
| CVE-2022-4187 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-08-03 | 6.5 Medium |
| Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2022-4149 | 2 Microsoft, Netskope | 2 Windows, Netskope | 2024-08-03 | 7 High |
| The Netskope client service (prior to R96) on Windows runs as NT AUTHORITY\SYSTEM which writes log files to a writable directory (C:\Users\Public\netSkope) for a standard user. The files are created and written with a SYSTEM account except one file (logplaceholder) which inherits permission giving all users full access control list. Netskope client restricts access to this file by allowing only read permissions as a standard user. Whenever the Netskope client service restarts, it deletes the logplaceholder and recreates, creating a race condition, which can be exploited by a malicious local user to create the file and set ACL permissions on the file. Once the file is created by a malicious user with proper ACL permissions, all files within C:\Users\Public\netSkope\ becomes modifiable by the unprivileged user. By using Windows pseudo-symlink, these files can be pointed to other places in the system and thus malicious users will be able to elevate privileges. | ||||
| CVE-2022-4126 | 4 Abb, Apple, Linux and 1 more | 4 Rccmd, Macos, Linux Kernel and 1 more | 2024-08-03 | 9.6 Critical |
| Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207. | ||||
| CVE-2022-3884 | 2 Hitachi, Microsoft | 2 Ops Center Analyzer, Windows | 2024-08-03 | 7.3 High |
| Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01. | ||||
| CVE-2022-3724 | 2 Microsoft, Wireshark | 2 Windows, Wireshark | 2024-08-03 | 6.3 Medium |
| Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows | ||||
| CVE-2022-3405 | 3 Acronis, Linux, Microsoft | 4 Cyber Backup, Cyber Protect, Linux Kernel and 1 more | 2024-08-03 | 8.8 High |
| Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. | ||||
| CVE-2022-3229 | 2 Microsoft, Unifiedremote | 2 Windows, Unified Remote | 2024-08-03 | 9.8 Critical |
| Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing. | ||||
| CVE-2022-2778 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-08-03 | 9.8 Critical |
| In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. | ||||
| CVE-2022-2622 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-08-03 | 6.5 Medium |
| Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. | ||||
| CVE-2022-2330 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-08-03 | 6.5 Medium |
| Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly. | ||||
| CVE-2022-2188 | 2 Mcafee, Microsoft | 2 Data Exchange Layer, Windows | 2024-08-03 | 6.5 Medium |
| Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker. | ||||
| CVE-2022-2160 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-08-03 | 6.5 Medium |
| Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page. | ||||
| CVE-2022-2162 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-08-03 | 8.8 High |
| Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page. | ||||
| CVE-2022-2074 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-08-03 | 7.5 High |
| In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template. | ||||
| CVE-2022-2075 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-08-03 | 7.5 High |
| In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation. | ||||
| CVE-2022-2049 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-08-03 | 7.5 High |
| In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function. | ||||
| CVE-2022-1992 | 2 Gogs, Microsoft | 2 Gogs, Windows | 2024-08-03 | 9.1 Critical |
| Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. | ||||
| CVE-2022-2013 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Deploy | 2024-08-03 | 7.5 High |
| In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space. | ||||
| CVE-2022-1901 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-08-03 | 5.3 Medium |
| In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview. | ||||