Filtered by vendor Microsoft
Subscriptions
Total
23169 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40707 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2024-11-21 | 3.3 Low |
| An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40708. | ||||
| CVE-2022-40144 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 9.8 Critical |
| A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected installations. | ||||
| CVE-2022-40143 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 7.3 High |
| A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could allow a low-privileged user to run arbitrary code with elevated privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-40142 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 7.8 High |
| A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-40141 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 7.5 High |
| A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes of a particular Apex One server. | ||||
| CVE-2022-40140 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 5.5 Medium |
| An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-3734 | 2 Microsoft, Redis | 2 Windows, Redis | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-212416. NOTE: The official Redis release is not affected. This issue might affect an unofficial fork or port on Windows only. | ||||
| CVE-2022-39959 | 2 Microsoft, Panini | 2 Windows, Everest Engine | 2024-11-21 | 7.8 High |
| Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a Trojan horse %PROGRAMDATA%\Panini\Everest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file. | ||||
| CVE-2022-39949 | 2 Fortinet, Microsoft | 2 Fortiedr, Windows | 2024-11-21 | 4.4 Medium |
| An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection. | ||||
| CVE-2022-38764 | 2 Microsoft, Trendmicro | 2 Windows, Housecall | 2024-11-21 | 7.8 High |
| A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privlieges due to an overly permissive folder om the product installer. | ||||
| CVE-2022-38710 | 2 Ibm, Microsoft | 4 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 1 more | 2024-11-21 | 5.3 Medium |
| IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. IBM X-Force ID: 234292. | ||||
| CVE-2022-38709 | 2 Ibm, Microsoft | 2 Robotic Process Automation For Cloud Pak, Windows | 2024-11-21 | 6.1 Medium |
| IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 234291. | ||||
| CVE-2022-38434 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-11-21 | 7.8 High |
| Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-38221 | 3 Linux, Microsoft, The Isle Evrima Project | 3 Linux Kernel, Windows, The Isle Evrima | 2024-11-21 | 9.8 Critical |
| A buffer overflow in the FTcpListener thread in The Isle Evrima (the dedicated server on Windows and Linux) 0.9.88.07 before 2022-08-12 allows a remote attacker to crash any server with an accessible RCON port, or possibly execute arbitrary code. | ||||
| CVE-2022-37771 | 2 Iobit, Microsoft | 2 Malware Fighter, Windows | 2024-11-21 | 6.7 Medium |
| IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable. | ||||
| CVE-2022-37348 | 2 Microsoft, Trendmicro | 2 Windows, Security | 2024-11-21 | 5.5 Medium |
| Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-37347. | ||||
| CVE-2022-37173 | 2 Microsoft, Vim | 2 Windows, Gvim | 2024-11-21 | 7.8 High |
| An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe. | ||||
| CVE-2022-36947 | 2 Faststone, Microsoft | 2 Image Viewer, Windows | 2024-11-21 | 9.8 Critical |
| Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow. | ||||
| CVE-2022-36774 | 2 Ibm, Microsoft | 4 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 1 more | 2024-11-21 | 5.3 Medium |
| IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575. | ||||
| CVE-2022-36772 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 6.5 Medium |
| IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user. | ||||