Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Windows
Total 5937 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-30990 3 Acronis, Linux, Microsoft 4 Agent, Cyber Protect, Linux Kernel and 1 more 2022-06-01 5.0 MEDIUM 7.5 HIGH
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037
CVE-2022-0883 2 Microsoft, Snowsoftware 2 Windows, Snow License Manager 2022-06-01 4.6 MEDIUM 7.8 HIGH
SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched.
CVE-2021-28927 2 Libretro, Microsoft 2 Retroarch, Windows 2022-05-27 4.6 MEDIUM 7.8 HIGH
The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names.
CVE-2022-28182 2 Microsoft, Nvidia 3 Windows, Gpu Display Driver, Virtual Gpu 2022-05-26 6.8 MEDIUM 8.5 HIGH
NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.
CVE-2022-28181 3 Linux, Microsoft, Nvidia 4 Linux Kernel, Windows, Gpu Display Driver and 1 more 2022-05-26 6.9 MEDIUM 8.5 HIGH
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.
CVE-2022-28186 2 Microsoft, Nvidia 3 Windows, Gpu Display Driver, Virtual Gpu 2022-05-26 3.6 LOW 6.1 MEDIUM
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service or data tampering.
CVE-2022-28188 2 Microsoft, Nvidia 3 Windows, Gpu Display Driver, Virtual Gpu 2022-05-26 4.9 MEDIUM 5.5 MEDIUM
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service.
CVE-2021-44705 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2022-05-25 9.3 HIGH 7.8 HIGH
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2021-44707 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2022-05-25 9.3 HIGH 7.8 HIGH
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2020-3927 2 Changingtec, Microsoft 2 Servisign, Windows 2022-05-25 8.5 HIGH 7.5 HIGH
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
CVE-2022-30055 2 Mersenne, Microsoft 2 Prime95, Windows 2022-05-25 7.5 HIGH 9.8 CRITICAL
Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution.
CVE-2022-22484 3 Ibm, Linux, Microsoft 4 Aix, Spectrum Protect, Linux Kernel and 1 more 2022-05-25 2.1 LOW 5.5 MEDIUM
IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322.
CVE-2020-3766 2 Adobe, Microsoft 2 Genuine Integrity Service, Windows 2022-05-24 7.2 HIGH 7.8 HIGH
Adobe Genuine Integrity Service versions Version 6.4 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2020-3926 2 Changingtec, Microsoft 2 Servisign, Windows 2022-05-24 7.8 HIGH 7.5 HIGH
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
CVE-2022-23742 2 Checkpoint, Microsoft 2 Endpoint Security, Windows 2022-05-23 4.6 MEDIUM 7.8 HIGH
Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links.
CVE-2022-28819 3 Adobe, Apple, Microsoft 3 Character Animator, Macos, Windows 2022-05-23 9.3 HIGH 7.8 HIGH
Adobe Character Animator versions 4.4.2 (and earlier) and 22.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious SVG file.
CVE-2022-28829 2 Adobe, Microsoft 2 Framemaker, Windows 2022-05-23 9.3 HIGH 7.8 HIGH
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-28830 2 Adobe, Microsoft 2 Framemaker, Windows 2022-05-23 4.3 MEDIUM 5.5 MEDIUM
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-28827 2 Adobe, Microsoft 2 Framemaker, Windows 2022-05-23 9.3 HIGH 7.8 HIGH
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-28828 2 Adobe, Microsoft 2 Framemaker, Windows 2022-05-23 9.3 HIGH 7.8 HIGH
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.