Filtered by vendor Microsoft
Subscribe
Total
21970 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41744 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 7.0 HIGH |
| A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2022-41740 | 3 Ibm, Microsoft, Redhat | 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more | 2024-11-21 | N/A | 4.6 MEDIUM |
| IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053. | |||||
| CVE-2022-41733 | 3 Ibm, Linux, Microsoft | 3 Infosphere Information Server, Linux Kernel, Windows | 2024-11-21 | N/A | 5.3 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow a remote attacked to cause some of the components to be unusable until the process is restarted. IBM X-Force ID: 237583. | |||||
| CVE-2022-41722 | 2 Golang, Microsoft | 2 Go, Windows | 2024-11-21 | N/A | 7.5 HIGH |
| A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b". | |||||
| CVE-2022-41716 | 2 Golang, Microsoft | 2 Go, Windows | 2024-11-21 | N/A | 7.5 HIGH |
| Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D". | |||||
| CVE-2022-41687 | 2 Intel, Microsoft | 15 Nuc P14e Laptop Element, Windows 10 1507, Windows 10 1511 and 12 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-41628 | 2 Intel, Microsoft | 15 Nuc P14e Laptop Element, Windows 10 1507, Windows 10 1511 and 12 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| Uncontrolled search path element in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-41552 | 3 Hitachi, Linux, Microsoft | 5 Infrastructure Analytics Advisor, Ops Center Analyzer, Ops Center Viewpoint and 2 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00. | |||||
| CVE-2022-41294 | 2 Ibm, Microsoft | 2 Robotic Process Automation, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. IBM X-Force ID: 236807. | |||||
| CVE-2022-41291 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699. | |||||
| CVE-2022-41261 | 2 Microsoft, Sap | 2 Windows, Solution Manager | 2024-11-21 | N/A | 6.0 MEDIUM |
| SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized. | |||||
| CVE-2022-41205 | 2 Microsoft, Sap | 2 Windows, Gui | 2024-11-21 | N/A | 5.5 MEDIUM |
| SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application. | |||||
| CVE-2022-41157 | 2 Microsoft, Webcash | 2 Windows, Serp Server 2.0 | 2024-11-21 | N/A | 8.1 HIGH |
| A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the SYSTEM authority. This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands. | |||||
| CVE-2022-41156 | 2 Etm-s, Microsoft | 2 Ondiskplayeragent, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| Remote code execution vulnerability due to insufficient verification of URLs, etc. in OndiskPlayerAgent. A remote attacker could exploit the vulnerability to cause remote code execution by causing an arbitrary user to download and execute malicious code. | |||||
| CVE-2022-41128 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2024-11-21 | N/A | 8.8 HIGH |
| Windows Scripting Languages Remote Code Execution Vulnerability | |||||
| CVE-2022-41127 | 1 Microsoft | 2 Dynamics 365 Business Central, Dynamics Nav | 2024-11-21 | N/A | 8.5 HIGH |
| Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability | |||||
| CVE-2022-41123 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||
| CVE-2022-41122 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | N/A | 6.5 MEDIUM |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2022-41120 | 1 Microsoft | 1 Windows Sysmon | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability | |||||
| CVE-2022-41119 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2024-11-21 | N/A | 7.8 HIGH |
| Visual Studio Remote Code Execution Vulnerability | |||||