ReportizFlow
Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
8898 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-30292 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2024-12-02 | 7.8 High |
| Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-44341 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-12-02 | 5.5 Medium |
| Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-30282 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-12-02 | 7.8 High |
| Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2018-0373 | 2 Cisco, Microsoft | 2 Anyconnect Secure Mobility Client, Windows | 2024-11-29 | N/A |
| A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious request to the application. A successful exploit could allow the attacker to cause a DoS condition on the affected system. Cisco Bug IDs: CSCvj47654. | ||||
| CVE-2018-0387 | 3 Apple, Cisco, Microsoft | 3 Macos, Webex Teams, Windows | 2024-11-29 | 8.8 High |
| A vulnerability in Cisco Webex Teams (for Windows and macOS) could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges. The vulnerability occurs because Cisco Webex Teams does not properly sanitize input. An attacker could exploit the vulnerability by sending a user a malicious link and persuading the user to follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user's system. Cisco Bug IDs: CSCvh66250. | ||||
| CVE-2023-25515 | 2 Microsoft, Nvidia | 10 Windows, Cloud Gaming, Geforce and 7 more | 2024-11-29 | 7.8 High |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure. | ||||
| CVE-2018-18689 | 14 Apple, Avanquest, Foxitsoftware and 11 more | 20 Macos, Expert Pdf Ultimate, Pdf Experte Ultimate and 17 more | 2024-11-27 | 5.3 Medium |
| The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop. | ||||
| CVE-2023-46260 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-27 | 9.8 Critical |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
| CVE-2023-46217 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-27 | 9.8 Critical |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | ||||
| CVE-2023-45253 | 2 Huddly, Microsoft | 2 Huddlycameraservices, Windows | 2024-11-26 | 7.8 High |
| An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library. | ||||
| CVE-2023-29487 | 3 Apple, Heimdalsecurity, Microsoft | 3 Macos, Thor, Windows | 2024-11-26 | 9.1 Critical |
| An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. NOTE: Heimdal asserts this is not a valid vulnerability. Their DNS Security for Endpoint solution includes an optional feature to provide extra information on the originating process that made a DNS request. The lack of process identification in DNS logs is therefore falsely categorized as a DoS issue. | ||||
| CVE-2023-48861 | 2 Baidu, Microsoft | 2 Ttplayer, Windows | 2024-11-26 | 7.8 High |
| DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll. | ||||
| CVE-2018-0422 | 2 Cisco, Microsoft | 6 Webex Business Suite 31, Webex Business Suite 32, Webex Business Suite 33 and 3 more | 2024-11-26 | N/A |
| A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The vulnerability is due to folder permissions that grant a user the permission to read, write, and execute files in the Webex folders. An attacker could exploit this vulnerability to write malicious files to the Webex client directory, affecting all other users of the targeted device. A successful exploit could allow a user to execute commands with elevated privileges. Attacks on single-user systems are less likely to occur, as the attack must be carried out by the user on the user's own system. Multiuser systems have a higher risk of exploitation because folder permissions have an impact on all users of the device. For an attacker to exploit this vulnerability successfully, a second user must execute the locally installed malicious file to allow remote code execution to occur. | ||||
| CVE-2018-0437 | 2 Cisco, Microsoft | 3 Umbrella Enterprise Roaming Client, Umbrella Roaming Module, Windows | 2024-11-26 | N/A |
| A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges. | ||||
| CVE-2018-0438 | 2 Cisco, Microsoft | 2 Umbrella Enterprise Roaming Client, Windows | 2024-11-26 | N/A |
| A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges. | ||||
| CVE-2018-15437 | 2 Cisco, Microsoft | 3 Advanced Malware Protection For Endpoints, Immunet For Endpoints, Windows | 2024-11-26 | 5.5 Medium |
| A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. An attacker could exploit this vulnerability by gaining local access to a system running Microsoft Windows and protected by Cisco Immunet or Cisco AMP for Endpoints and executing a malicious file. A successful exploit could allow the attacker to prevent the scanning services from functioning properly and ultimately prevent the system from being protected from further intrusion. | ||||
| CVE-2018-15452 | 2 Cisco, Microsoft | 2 Advanced Malware Protection For Endpoints, Windows | 2024-11-26 | N/A |
| A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or take other actions to prevent detection of unauthorized intrusions. To exploit this vulnerability, the attacker would need to have administrative credentials on the Windows system. The vulnerability is due to the improper validation of resources loaded by a system process at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. A successful exploit could allow the attacker to disable the targeted system's scanning services and ultimately prevent the system from being protected from further intrusion. There are no workarounds that address this vulnerability. | ||||
| CVE-2023-47076 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-26 | 5.5 Medium |
| Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-47061 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2024-11-26 | 5.5 Medium |
| Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-44340 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-26 | 5.5 Medium |
| Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||