Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
7453 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-3626 | 2 Canonical, Microsoft | 2 Multipass, Windows | 2024-09-17 | 8.8 High |
The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation. | ||||
CVE-2022-34244 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-09-17 | 5.5 Medium |
Adobe Photoshop versions 22.5.7 (and earlier) and 23.3.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2021-34423 | 5 Apple, Google, Linux and 2 more | 31 Iphone Os, Macos, Android and 28 more | 2024-09-17 | 9.8 Critical |
A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115, Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115, Zoom On-Premise Recording Connector before version 5.1.0.65.20211116, Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117, Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code. | ||||
CVE-2021-40708 | 3 Adobe, Apple, Microsoft | 3 Genuine Service, Macos, Windows | 2024-09-17 | 7.3 High |
Adobe Genuine Service versions 7.3 (and earlier) are affected by a privilege escalation vulnerability in the AGSService installer. An authenticated attacker could leverage this vulnerability to achieve read / write privileges to execute arbitrary code. User interaction is required to abuse this vulnerability. | ||||
CVE-2022-22319 | 2 Ibm, Microsoft | 3 Robotic Process Automation, Robotic Process Automation As A Service, Windows | 2024-09-17 | 5.4 Medium |
IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. IBM X-Force ID: 218366. | ||||
CVE-2020-3925 | 2 Changingtec, Microsoft | 2 Servisign, Windows | 2024-09-17 | 8.3 High |
A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts. | ||||
CVE-2021-35989 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2024-09-17 | 7.8 High |
Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2022-30664 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-09-17 | N/A |
Adobe Animate version 22.0.5 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2021-44743 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2024-09-17 | 7.8 High |
Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2020-7289 | 2 Mcafee, Microsoft | 2 Active Response, Windows | 2024-09-17 | 7.8 High |
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | ||||
CVE-2020-4870 | 4 Ibm, Linux, Microsoft and 1 more | 7 Aix, I, Linux On Ibm Z and 4 more | 2024-09-17 | 7.5 High |
IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833. | ||||
CVE-2019-4738 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-09-17 | 6.5 Medium |
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753. | ||||
CVE-2022-38444 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2024-09-17 | 7.8 High |
Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2021-28820 | 2 Microsoft, Tibco | 2 Windows, Ftl | 2024-09-17 | 8.8 High |
The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.5.0 and below, TIBCO FTL - Developer Edition: versions 6.5.0 and below, and TIBCO FTL - Enterprise Edition: versions 6.5.0 and below. | ||||
CVE-2019-16001 | 2 Cisco, Microsoft | 3 Webex Meetings, Webex Teams, Windows | 2024-09-17 | 5.3 Medium |
A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the vulnerable application is launched. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user account. | ||||
CVE-2020-4262 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2024-09-17 | 7.8 High |
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175645. | ||||
CVE-2018-1544 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-09-17 | N/A |
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648. | ||||
CVE-2022-38446 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2024-09-17 | 7.8 High |
Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2021-36077 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2024-09-17 | 5.5 Medium |
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in local application denial of service in the context of the current user. User interaction is required to exploit this vulnerability. | ||||
CVE-2021-36014 | 2 Adobe, Microsoft | 2 Media Encoder, Windows | 2024-09-17 | 3.3 Low |
Adobe Media Encoder version 15.2 (and earlier) is affected by an uninitialized pointer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to read arbitrary file system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |