Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 16642 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-4588 2 Ibm, Microsoft 2 I2 Ibase, Windows 2022-09-30 6.8 MEDIUM 7.8 HIGH
IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 184579.
CVE-2022-37969 1 Microsoft 9 Windows 10, Windows 11, Windows 7 and 6 more 2022-09-30 N/A 7.8 HIGH
Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35803.
CVE-2020-1027 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2022-09-30 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003.
CVE-2020-24588 8 Arista, Cisco, Debian and 5 more 349 C-100, C-100 Firmware, C-110 and 346 more 2022-09-30 2.9 LOW 3.5 LOW
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.
CVE-2022-38012 1 Microsoft 1 Edge Chromium 2022-09-29 N/A 7.7 HIGH
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.
CVE-2022-40082 2 Cloudwego, Microsoft 2 Hertz, Windows 2022-09-29 N/A 7.5 HIGH
Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function.
CVE-2010-1281 3 Adobe, Apple, Microsoft 3 Shockwave Player, Macos, Windows 2022-09-29 9.3 HIGH 8.8 HIGH
iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.
CVE-2022-0805 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2022-09-28 6.8 MEDIUM 8.8 HIGH
Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
CVE-2022-0804 4 Apple, Google, Linux and 1 more 5 Macos, Android, Chrome and 2 more 2022-09-28 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-0806 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2022-09-28 4.3 MEDIUM 6.5 MEDIUM
Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page.
CVE-2022-0803 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2022-09-28 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-0807 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2022-09-28 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2022-0802 4 Apple, Google, Linux and 1 more 5 Macos, Android, Chrome and 2 more 2022-09-28 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-0791 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2022-09-28 6.8 MEDIUM 8.8 HIGH
Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions.
CVE-2022-22026 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2022-09-28 7.2 HIGH 8.8 HIGH
Windows CSRSS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22047, CVE-2022-22049.
CVE-2022-22049 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2022-09-28 7.2 HIGH 7.8 HIGH
Windows CSRSS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22026, CVE-2022-22047.
CVE-2020-4757 3 Ibm, Linux, Microsoft 4 Aix, Content Navigator, Linux Kernel and 1 more 2022-09-28 3.5 LOW 6.4 MEDIUM
IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188600.
CVE-2022-21906 1 Microsoft 4 Windows 10, Windows 11, Windows Server and 1 more 2022-09-27 2.1 LOW 5.5 MEDIUM
Windows Defender Application Control Security Feature Bypass Vulnerability.
CVE-2021-27271 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2022-09-27 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in an out-of-bounds read condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12438.
CVE-2022-33642 1 Microsoft 1 Azure Site Recovery Vmware To Azure 2022-09-27 4.0 MEDIUM 4.9 MEDIUM
Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30181, CVE-2022-33641, CVE-2022-33643, CVE-2022-33650, CVE-2022-33651, CVE-2022-33652, CVE-2022-33653, CVE-2022-33654, CVE-2022-33655, CVE-2022-33656, CVE-2022-33657, CVE-2022-33658, CVE-2022-33659, CVE-2022-33660, CVE-2022-33661, CVE-2022-33662, CVE-2022-33663, CVE-2022-33664, CVE-2022-33665, CVE-2022-33666, CVE-2022-33667, CVE-2022-33668, CVE-2022-33669, CVE-2022-33671, CVE-2022-33672, CVE-2022-33673, CVE-2022-33674, CVE-2022-33675, CVE-2022-33677.