Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Windows
Total 5937 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-3732 2 Microsoft, Vmware 5 Windows, Ace, Player and 2 more 2022-06-15 10.0 HIGH N/A
Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2022-29594 2 Eginnovations, Microsoft 5 Eg Agent, Eg Manager, Eg Rum Collectors and 2 more 2022-06-13 7.2 HIGH 7.8 HIGH
eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM.
CVE-2022-22977 2 Microsoft, Vmware 2 Windows, Tools 2022-06-09 3.6 LOW 7.1 HIGH
VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure.
CVE-2022-30701 2 Microsoft, Trendmicro 2 Windows, Apex One 2022-06-08 7.2 HIGH 7.8 HIGH
An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-30700 2 Microsoft, Trendmicro 2 Windows, Apex One 2022-06-08 7.2 HIGH 7.8 HIGH
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-30687 2 Microsoft, Trendmicro 2 Windows, Maximum Security 2022 2022-06-08 6.6 MEDIUM 7.1 HIGH
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files.
CVE-2022-28875 3 Apple, F-secure, Microsoft 9 Macos, Atlant, Cloud Protection For Salesforce and 6 more 2022-06-08 4.3 MEDIUM 6.5 MEDIUM
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker.
CVE-2022-28944 2 Emcosoftware, Microsoft 9 Msi Package Builder, Network Inventory, Network Software Scanner and 6 more 2022-06-07 6.8 MEDIUM 8.8 HIGH
Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network Inventory for Windows 5.8.22 and Network Software Scanner for Windows 2.0.8 and UnLock IT for Windows 6.1.1. The impact is: execute arbitrary code (remote). The component is: Updater. The attack vector is: To exploit this vulnerability, a user must trigger an update of an affected installation of EMCO Software. ¶¶ Multiple products from EMCO Software are affected by a remote code execution vulnerability during the update process.
CVE-2010-0129 3 Adobe, Apple, Microsoft 3 Shockwave Player, Macos, Windows 2022-06-07 9.3 HIGH 8.8 HIGH
Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error.
CVE-2022-29376 2 Apachefriends, Microsoft 2 Xampp, Windows 2022-06-07 6.5 MEDIUM 8.8 HIGH
Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory.
CVE-2022-28874 4 Apple, F-secure, Microsoft and 1 more 7 Macos, Atlant, Elements Endpoint Protection and 4 more 2022-06-07 5.0 MEDIUM 7.5 HIGH
Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.
CVE-2021-42733 2 Adobe, Microsoft 2 Bridge, Windows 2022-06-03 4.3 MEDIUM 5.5 MEDIUM
Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2011-4372 3 Adobe, Apple, Microsoft 4 Acrobat, Reader, Macos and 1 more 2022-06-03 7.5 HIGH 9.8 CRITICAL
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373.
CVE-2011-4373 3 Adobe, Apple, Microsoft 4 Acrobat, Reader, Macos and 1 more 2022-06-03 7.5 HIGH 9.8 CRITICAL
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.
CVE-2022-25365 2 Docker, Microsoft 2 Docker, Windows 2022-06-03 4.6 MEDIUM 7.8 HIGH
Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.
CVE-2021-26630 2 Handysoft, Microsoft 2 Groupware, Windows 2022-06-01 7.5 HIGH 9.8 CRITICAL
Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function.
CVE-2022-30994 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2022-06-01 5.0 MEDIUM 7.5 HIGH
Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240
CVE-2022-30991 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2022-06-01 4.3 MEDIUM 6.1 MEDIUM
HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
CVE-2022-30993 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2022-06-01 5.0 MEDIUM 7.5 HIGH
Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
CVE-2022-30992 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2022-06-01 5.8 MEDIUM 6.1 MEDIUM
Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240