Filtered by vendor Microsoft
Subscriptions
Total
23035 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0188 | 6 Citrix, Linux, Microsoft and 3 more | 6 Hypervisor, Linux Kernel, Windows and 3 more | 2025-02-13 | 5.5 Medium |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of a memory buffer cause an out-of-bounds read, which may lead to denial of service. | ||||
| CVE-2023-0187 | 2 Microsoft, Nvidia | 2 Windows, Virtual Gpu | 2025-02-13 | 6.1 Medium |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service. | ||||
| CVE-2023-0181 | 6 Citrix, Linux, Microsoft and 3 more | 6 Hypervisor, Linux Kernel, Windows and 3 more | 2025-02-13 | 7.1 High |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering. | ||||
| CVE-2021-28446 | 1 Microsoft | 18 Windows 10, Windows 10 1607, Windows 10 1809 and 15 more | 2025-02-13 | 7.1 High |
| Windows Portmapping Information Disclosure Vulnerability | ||||
| CVE-2024-2362 | 3 Linux, Lollms, Microsoft | 3 Linux Kernel, Lollms Web Ui, Windows | 2025-02-13 | 9.1 Critical |
| A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises from the lack of adequate sanitization of user-supplied input in the 'del_preset' endpoint, where the application fails to prevent the use of absolute paths or directory traversal sequences ('..'). As a result, an attacker can send a specially crafted request to the 'del_preset' endpoint to delete files outside of the intended directory. | ||||
| CVE-2024-30164 | 3 Apple, Codesys, Microsoft | 3 Macos, Linux, Windows | 2025-02-13 | 6.7 Medium |
| Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this vulnerability on macOS is not the same as CVE-2024-30165. | ||||
| CVE-2022-35797 | 1 Microsoft | 2 Windows 10, Windows 11 | 2025-02-13 | 6.1 Medium |
| Windows Hello Security Feature Bypass Vulnerability | ||||
| CVE-2022-35795 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-02-13 | 7.8 High |
| Windows Error Reporting Service Elevation of Privilege Vulnerability | ||||
| CVE-2022-35794 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-02-13 | 8.1 High |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | ||||
| CVE-2022-35784 | 1 Microsoft | 1 Azure Site Recovery Vmware To Azure | 2025-02-12 | 6.5 Medium |
| Azure Site Recovery Elevation of Privilege Vulnerability | ||||
| CVE-2022-35783 | 1 Microsoft | 1 Azure Site Recovery Vmware To Azure | 2025-02-12 | 4.4 Medium |
| Azure Site Recovery Elevation of Privilege Vulnerability | ||||
| CVE-2025-21128 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-02-12 | 7.8 High |
| Substance3D - Stager versions 3.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-21131 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-02-12 | 7.8 High |
| Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-21132 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-02-12 | 7.8 High |
| Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-21129 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-02-12 | 7.8 High |
| Substance3D - Stager versions 3.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-21130 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-02-12 | 7.8 High |
| Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-43637 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-02-12 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18626. | ||||
| CVE-2022-43638 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-02-12 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18627. | ||||
| CVE-2022-43639 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-02-12 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18628. | ||||
| CVE-2022-43640 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-02-12 | 5.5 Medium |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18629. | ||||