Filtered by vendor Microsoft
Subscribe
Total
192 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25523 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2023-12-10 | N/A | 3.3 LOW |
| NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service. | |||||
| CVE-2023-25510 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2023-12-10 | N/A | 3.3 LOW |
| NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, where a local user running the tool against a malformed binary may cause a limited denial of service. | |||||
| CVE-2023-28303 | 1 Microsoft | 2 Snip \& Sketch, Snipping Tool | 2023-12-10 | N/A | 3.3 LOW |
| Windows Snipping Tool Information Disclosure Vulnerability | |||||
| CVE-2023-0196 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2023-12-10 | N/A | 3.3 LOW |
| NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local user running the tool against an ill-formed binary may cause a null- pointer dereference, which may result in a limited denial of service. | |||||
| CVE-2023-21759 | 1 Microsoft | 3 Windows 10, Windows 11, Windows Server 2022 | 2023-12-10 | N/A | 3.3 LOW |
| Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | |||||
| CVE-2022-42266 | 2 Microsoft, Nvidia | 3 Windows, Cloud Gaming, Virtual Gpu | 2023-12-10 | N/A | 3.3 LOW |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can cause exposure of sensitive information to an actor that is not explicitly authorized to have access to that information, which may lead to limited information disclosure. | |||||
| CVE-2022-34881 | 3 Hitachi, Linux, Microsoft | 3 Jp1\/automatic Operation, Linux Kernel, Windows | 2023-12-10 | N/A | 3.3 LOW |
| Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before 12-60-01. | |||||
| CVE-2023-23395 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2023-12-10 | N/A | 3.1 LOW |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2022-42436 | 4 Ibm, Linux, Microsoft and 1 more | 7 Aix, I, Linux On Ibm Z and 4 more | 2023-12-10 | N/A | 3.3 LOW |
| IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206. | |||||
| CVE-2022-45433 | 2 Dahuasecurity, Microsoft | 9 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 6 more | 2023-12-10 | N/A | 3.7 LOW |
| Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results. | |||||
| CVE-2022-34874 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2023-12-10 | N/A | 3.3 LOW |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17474. | |||||
| CVE-2022-34873 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2023-12-10 | N/A | 3.3 LOW |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16777. | |||||
| CVE-2022-34875 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2023-12-10 | N/A | 3.3 LOW |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ADBC objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16981. | |||||
| CVE-2022-33973 | 2 Intel, Microsoft | 3 Wlan Authentication And Privacy Infrastructure, Windows 10, Windows 11 | 2023-12-10 | N/A | 3.3 LOW |
| Improper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-22779 | 3 Apple, Keybase, Microsoft | 3 Macos, Keybase, Windows | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
| The Keybase Clients for macOS and Windows before version 5.9.0 fails to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and places the host in a sleep state before the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from a user’s filesystem. | |||||
| CVE-2021-20551 | 3 Ibm, Linux, Microsoft | 3 Jazz Team Server, Linux Kernel, Windows | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149. | |||||
| CVE-2022-21977 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 8.1 and 6 more | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
| Media Foundation Information Disclosure Vulnerability | |||||
| CVE-2022-23292 | 1 Microsoft | 1 On-premises Data Gateway | 2023-12-10 | 3.6 LOW | 3.7 LOW |
| Microsoft Power BI Spoofing Vulnerability | |||||
| CVE-2022-28252 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
| Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30130 | 1 Microsoft | 11 .net Framework, Windows 10, Windows 11 and 8 more | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
| .NET Framework Denial of Service Vulnerability | |||||