Vulnerabilities (CVE)

Filtered by vendor Microsoft
Filtered by product Windows
Total 6218 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-4588 2 Ibm, Microsoft 2 I2 Ibase, Windows 2022-09-30 6.8 MEDIUM 7.8 HIGH
IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim, could result in code execution. IBM X-Force ID: 184579.
CVE-2022-40082 2 Cloudwego, Microsoft 2 Hertz, Windows 2022-09-29 N/A 7.5 HIGH
Hertz v0.3.0 was discovered to contain a path traversal vulnerability via the normalizePath function.
CVE-2010-1281 3 Adobe, Apple, Microsoft 3 Shockwave Player, Macos, Windows 2022-09-29 9.3 HIGH 8.8 HIGH
iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.
CVE-2022-0807 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2022-09-28 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2022-0803 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2022-09-28 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-0804 4 Apple, Google, Linux and 1 more 5 Macos, Android, Chrome and 2 more 2022-09-28 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-0805 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2022-09-28 6.8 MEDIUM 8.8 HIGH
Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
CVE-2022-0802 4 Apple, Google, Linux and 1 more 5 Macos, Android, Chrome and 2 more 2022-09-28 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-0806 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2022-09-28 4.3 MEDIUM 6.5 MEDIUM
Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page.
CVE-2022-0791 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2022-09-28 6.8 MEDIUM 8.8 HIGH
Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions.
CVE-2020-4757 3 Ibm, Linux, Microsoft 4 Aix, Content Navigator, Linux Kernel and 1 more 2022-09-28 3.5 LOW 6.4 MEDIUM
IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188600.
CVE-2021-27271 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2022-09-27 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in an out-of-bounds read condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12438.
CVE-2022-35721 3 Ibm, Linux, Microsoft 4 Aix, Jazz For Service Management, Linux Kernel and 1 more 2022-09-27 N/A 5.4 MEDIUM
IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231380.
CVE-2022-40748 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2022-09-26 N/A 5.4 MEDIUM
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236586.
CVE-2022-1794 2 Codesys, Microsoft 2 Opc Da Server, Windows 2022-09-23 4.7 MEDIUM 5.5 MEDIUM
The CODESYS OPC DA Server prior to V3.5.18.20 stores PLC passwords as plain text in its configuration file so that they are visible to all authorized Microsoft Windows users of the system.
CVE-2022-37348 2 Microsoft, Trendmicro 2 Windows, Security 2022-09-22 N/A 5.5 MEDIUM
Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-37347.
CVE-2022-37347 2 Microsoft, Trendmicro 2 Windows, Security 2022-09-22 N/A 5.5 MEDIUM
Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-35234.
CVE-2022-34893 2 Microsoft, Trendmicro 2 Windows, Security 2022-09-22 N/A 7.8 HIGH
Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with lower privileges could manipulate a mountpoint which could lead to escalation of privilege on an affected machine.
CVE-2022-23767 2 Hanssak, Microsoft 3 Securegate, Weblink, Windows 2022-09-22 N/A 9.8 CRITICAL
This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining privileges and executing remote code, thereby taking over the victim’s system.
CVE-2022-38764 2 Microsoft, Trendmicro 2 Windows, Housecall 2022-09-21 N/A 7.8 HIGH
A vulnerability in Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privileges due to an overly permissive folder in the product installer.