Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Windows
Total 1602 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-3640 3 Apple, Google, Microsoft 3 Macos, Chrome, Windows 2024-03-21 7.1 HIGH N/A
Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."
CVE-2023-44324 2 Adobe, Microsoft 2 Framemaker Publishing Server, Windows 2024-03-15 N/A 9.8 CRITICAL
Adobe FrameMaker Publishing Server versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An unauthenticated attacker can abuse this vulnerability to access the API and leak default admin's password. Exploitation of this issue does not require user interaction.
CVE-2010-0425 2 Apache, Microsoft 2 Http Server, Windows 2024-02-14 10.0 HIGH N/A
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
CVE-2009-0849 3 Linux, Microsoft, Novastor 3 Linux, Windows, Novanet 2024-02-14 7.5 HIGH N/A
Stack-based buffer overflow in the DtbClsLogin function in NovaStor NovaNET 12 allows remote attackers to (1) execute arbitrary code on Linux platforms via a long username field during backup domain authentication, related to libnnlindtb.so; or (2) cause a denial of service (daemon crash) on Windows platforms via a long username field during backup domain authentication, related to nnwindtb.dll. NOTE: some of these details are obtained from third party information.
CVE-2009-3902 2 Cherokee, Microsoft 2 Cherokee Httpd, Windows 2024-02-14 5.0 MEDIUM N/A
Directory traversal vulnerability in Cherokee Web Server 0.5.4 and earlier for Windows allows remote attackers to read arbitrary files via a /\.. (slash backslash dot dot) in the URL.
CVE-2006-2312 2 Microsoft, Skype 2 Windows, Skype 2024-02-13 2.6 LOW N/A
Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.
CVE-2023-47059 3 Adobe, Apple, Microsoft 3 Premiere Pro, Macos, Windows 2023-12-10 N/A 7.8 HIGH
Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-47055 3 Adobe, Apple, Microsoft 3 Premiere Pro, Macos, Windows 2023-12-10 N/A 7.8 HIGH
Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-44332 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2023-12-10 N/A 5.5 MEDIUM
Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-22272 2 Adobe, Microsoft 2 Robohelp Server, Windows 2023-12-10 N/A 7.5 HIGH
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.
CVE-2023-22274 2 Adobe, Microsoft 2 Robohelp Server, Windows 2023-12-10 N/A 7.5 HIGH
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.
CVE-2023-47042 3 Adobe, Apple, Microsoft 3 Media Encoder, Macos, Windows 2023-12-10 N/A 7.8 HIGH
Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-22273 2 Adobe, Microsoft 2 Robohelp Server, Windows 2023-12-10 N/A 7.2 HIGH
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction.
CVE-2023-47053 3 Adobe, Apple, Microsoft 3 Audition, Macos, Windows 2023-12-10 N/A 5.5 MEDIUM
Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-44334 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2023-12-10 N/A 5.5 MEDIUM
Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-44335 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2023-12-10 N/A 5.5 MEDIUM
Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-22268 2 Adobe, Microsoft 2 Robohelp Server, Windows 2023-12-10 N/A 6.5 MEDIUM
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an low-privileged authenticated attacker. Exploitation of this issue does not require user interaction.
CVE-2023-47052 3 Adobe, Apple, Microsoft 3 Audition, Macos, Windows 2023-12-10 N/A 5.5 MEDIUM
Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-47043 3 Adobe, Apple, Microsoft 3 Media Encoder, Macos, Windows 2023-12-10 N/A 7.8 HIGH
Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-47041 3 Adobe, Apple, Microsoft 3 Media Encoder, Macos, Windows 2023-12-10 N/A 7.8 HIGH
Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.