Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 15829 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-42743 2 Microsoft, Splunk 2 Windows, Splunk 2022-05-17 4.6 MEDIUM 7.8 HIGH
A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.
CVE-2022-24765 2 Git-scm, Microsoft 2 Git, Windows 2022-05-17 6.9 MEDIUM 7.8 HIGH
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.
CVE-2021-36741 2 Microsoft, Trendmicro 5 Windows, Apex One, Officescan and 2 more 2022-05-16 6.5 MEDIUM 8.8 HIGH
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product?s management console in order to exploit this vulnerability.
CVE-2021-26334 3 Amd, Linux, Microsoft 3 Amd Uprof, Linux Kernel, Windows 2022-05-16 9.0 HIGH 9.9 CRITICAL
The AMDPowerProfiler.sys driver of AMD ?Prof tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user.
CVE-2020-7061 3 Microsoft, Php, Tenable 3 Windows, Php, Tenable.sc 2022-05-16 6.4 MEDIUM 9.1 CRITICAL
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
CVE-2022-22319 2 Ibm, Microsoft 3 Robotic Process Automation, Robotic Process Automation As A Service, Windows 2022-05-16 5.5 MEDIUM 5.4 MEDIUM
IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. IBM X-Force ID: 218366.
CVE-2022-22454 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server On Cloud, Linux Kernel and 1 more 2022-05-16 7.2 HIGH 7.8 HIGH
IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
CVE-2022-28279 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2022-05-16 9.3 HIGH 7.8 HIGH
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-28278 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2022-05-16 9.3 HIGH 7.8 HIGH
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-22433 2 Ibm, Microsoft 3 Robotic Process Automation, Robotic Process Automation As A Service, Windows 2022-05-16 5.0 MEDIUM 7.5 HIGH
IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 224156.
CVE-2008-3023 2 Fswiki, Microsoft 2 Freestyle Wiki, Internet Explorer 2022-05-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.6.2 and earlier, and 3.6.3 dev3 and earlier development versions, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2005-1799.
CVE-2019-4588 2 Ibm, Microsoft 2 Db2, Windows 2022-05-13 4.4 MEDIUM 7.8 HIGH
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks.
CVE-2022-22415 2 Ibm, Microsoft 2 Robotic Process Automation, Windows 2022-05-13 4.0 MEDIUM 6.5 MEDIUM
A vulnerability exists where an IBM Robotic Process Automation 21.0.1 regular user is able to obtain view-only access to some admin pages in the Control Center IBM X-Force ID: 223029.
CVE-2022-28270 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2022-05-13 9.3 HIGH 7.8 HIGH
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious SVG file.
CVE-2022-28271 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2022-05-13 9.3 HIGH 7.8 HIGH
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.
CVE-2022-28272 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2022-05-13 9.3 HIGH 7.8 HIGH
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-28273 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2022-05-13 9.3 HIGH 7.8 HIGH
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-28274 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2022-05-13 9.3 HIGH 7.8 HIGH
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-28277 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2022-05-13 9.3 HIGH 7.8 HIGH
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.
CVE-2022-28276 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2022-05-13 9.3 HIGH 7.8 HIGH
Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.