Filtered by vendor Microsoft Subscriptions
Filtered by product Windows Subscriptions
Total 7672 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-29532 2 Microsoft, Mozilla 4 Windows, Firefox, Firefox Esr and 1 more 2024-12-11 5.5 Medium
A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.
CVE-2024-43485 4 Apple, Linux, Microsoft and 1 more 10 Macos, Linux Kernel, .net and 7 more 2024-12-10 7.5 High
.NET and Visual Studio Denial of Service Vulnerability
CVE-2024-43484 4 Apple, Linux, Microsoft and 1 more 26 Macos, Linux Kernel, .net and 23 more 2024-12-10 7.5 High
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2024-43483 4 Apple, Linux, Microsoft and 1 more 26 Macos, Linux Kernel, .net and 23 more 2024-12-10 7.5 High
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2024-38229 4 Apple, Linux, Microsoft and 1 more 6 Macos, Linux Kernel, .net and 3 more 2024-12-10 8.1 High
.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-45733 2 Microsoft, Splunk 3 Windows, Splunk, Splunk Enterprise 2024-12-10 8.8 High
In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration.
CVE-2024-36991 2 Microsoft, Splunk 2 Windows, Splunk 2024-12-10 7.5 High
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
CVE-2023-40596 2 Microsoft, Splunk 2 Windows, Splunk 2024-12-10 7 High
In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.
CVE-2024-45731 2 Microsoft, Splunk 3 Windows, Splunk, Splunk Enterprise 2024-12-10 8 High
In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive.
CVE-2023-28956 2 Ibm, Microsoft 3 Spectrum Protect, Spectrum Protect Backup-archive Client, Windows 2024-12-09 8.4 High
IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls.
CVE-2024-0670 2 Checkmk, Microsoft 2 Checkmk, Windows 2024-12-09 8.8 High
Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges
CVE-2023-35174 2 Livebook, Microsoft 2 Livebook, Windows 2024-12-06 8.6 High
Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from browser. This vulnerability has been fixed in version 0.8.2 and 0.9.3.
CVE-2024-20739 3 Adobe, Apple, Microsoft 3 Audition, Macos, Windows 2024-12-06 7.8 High
Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20792 3 Adobe, Apple, Microsoft 3 Illustrator, Macos, Windows 2024-12-05 7.8 High
Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20793 3 Adobe, Apple, Microsoft 3 Illustrator, Macos, Windows 2024-12-05 5.5 Medium
Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-28929 3 Microsoft, Trend Micro Inc, Trendmicro 14 Windows, Trend Micro Security, Antivirus\+ Security 2021 and 11 more 2024-12-05 7.8 High
Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.
CVE-2024-20770 3 Adobe, Apple, Microsoft 3 Photoshop, Macos, Windows 2024-12-05 5.5 Medium
Photoshop Desktop versions 24.7.2, 25.3.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20766 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2024-12-05 5.5 Medium
InDesign Desktop versions 18.5.1, 19.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-21111 2 Microsoft, Oracle 2 Windows, Vm Virtualbox 2024-12-05 7.8 High
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
CVE-2023-30902 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-12-05 5.5 Medium
A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations.