ReportizFlow
Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
8903 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-28832 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-02-27 | 7.8 High |
| Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-28833 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-02-27 | 7.8 High |
| Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-28831 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-02-27 | 7.8 High |
| Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-28836 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2025-02-27 | 7.8 High |
| Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-28834 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2025-02-27 | 7.8 High |
| Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-28835 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2025-02-27 | 7.8 High |
| Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-34238 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-02-27 | 5.5 Medium |
| Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 20.005.30334 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-38216 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2025-02-27 | 5.5 Medium |
| Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-38217 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2025-02-27 | 5.5 Medium |
| Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-3676 | 3 Kubernetes, Microsoft, Redhat | 3 Kubernetes, Windows, Openshift | 2025-02-27 | 8.8 High |
| A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. | ||||
| CVE-2023-31018 | 8 Canonical, Citrix, Linux and 5 more | 9 Ubuntu Linux, Hypervisor, Linux Kernel and 6 more | 2025-02-27 | 6.5 Medium |
| NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service. | ||||
| CVE-2023-31022 | 8 Canonical, Citrix, Linux and 5 more | 9 Ubuntu Linux, Hypervisor, Linux Kernel and 6 more | 2025-02-27 | 5.5 Medium |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service. | ||||
| CVE-2023-24671 | 2 Microsoft, Vxsearch | 2 Windows, Vx Search | 2025-02-26 | 7.8 High |
| VX Search v13.8 and v14.7 was discovered to contain an unquoted service path vulnerability which allows attackers to execute arbitrary commands at elevated privileges via a crafted executable file. | ||||
| CVE-2023-27875 | 3 Ibm, Linux, Microsoft | 3 Aspera Faspex, Linux Kernel, Windows | 2025-02-26 | 7.5 High |
| IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847. | ||||
| CVE-2023-26283 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-02-25 | 5.4 Medium |
| IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416. | ||||
| CVE-2022-24907 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-02-19 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. Crafted data in a JP2 image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16186. | ||||
| CVE-2022-24908 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-02-19 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. Crafted data in a JP2 image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16187. | ||||
| CVE-2022-4126 | 4 Abb, Apple, Linux and 1 more | 4 Rccmd, Macos, Linux Kernel and 1 more | 2025-02-19 | 9.6 Critical |
| Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207. | ||||
| CVE-2023-28597 | 2 Microsoft, Zoom | 4 Windows, Rooms, Virtual Desktop Infrastructure and 1 more | 2025-02-19 | 8.3 High |
| Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution. | ||||
| CVE-2023-0664 | 4 Fedoraproject, Microsoft, Qemu and 1 more | 4 Fedora, Windows, Qemu and 1 more | 2025-02-18 | 7.8 High |
| A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system. | ||||