Filtered by vendor Microsoft
Subscribe
Total
21919 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23204 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Premiere Rush versions 2.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23200 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe After Effects versions 22.1.1 (and earlier) and 18.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23199 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23198 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23197 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23196 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23195 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23194 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23193 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23192 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23191 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23190 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23189 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23188 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a buffer overflow vulnerability due to insecure handling of a crafted malicious file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted malicious file in Illustrator. | |||||
| CVE-2022-23187 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator. | |||||
| CVE-2022-23186 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-23171 | 2 Atlasvpn, Microsoft | 2 Atlasvpn, Windows | 2024-11-21 | 9.0 HIGH | 5.9 MEDIUM |
| AtlasVPN - Privilege Escalation Lack of proper security controls on named pipe messages can allow an attacker with low privileges to send a malicious payload and gain SYSTEM permissions on a windows computer where the AtlasVPN client is installed. | |||||
| CVE-2022-22977 | 2 Microsoft, Vmware | 2 Windows, Tools | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure. | |||||
| CVE-2022-22952 | 2 Microsoft, Vmware | 2 Windows, Carbon Black App Control | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
| VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windows instance where AppC Server is installed by uploading a specially crafted file. | |||||
| CVE-2022-22951 | 2 Microsoft, Vmware | 2 Windows, Carbon Black App Control | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
| VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains an OS command injection vulnerability. An authenticated, high privileged malicious actor with network access to the VMware App Control administration interface may be able to execute commands on the server due to improper input validation leading to remote code execution. | |||||