Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
7752 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0975 | 2 Microsoft, Trellix | 2 Windows, Agent | 2025-02-11 | 8.2 High |
| A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions. | ||||
| CVE-2025-21127 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2025-02-11 | 7.8 High |
| Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. An attacker could manipulate the search path environment variable to point to a malicious library, resulting in the execution of arbitrary code when the application loads. Exploitation of this issue requires user interaction in that a victim must run the vulnerable application. | ||||
| CVE-2025-21122 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2025-02-11 | 7.8 High |
| Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-0977 | 3 Linux, Microsoft, Trellix | 3 Linux Kernel, Windows, Agent | 2025-02-11 | 6.7 Medium |
| A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable. | ||||
| CVE-2024-8596 | 2 Autodesk, Microsoft | 9 Autocad, Autocad Advance Steel, Autocad Architecture and 6 more | 2025-02-10 | 7.8 High |
| A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2024-8593 | 2 Autodesk, Microsoft | 9 Autocad, Autocad Advance Steel, Autocad Architecture and 6 more | 2025-02-10 | 7.8 High |
| A maliciously crafted CATPART file, when parsed in ASMKERN230A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-21107 | 3 Dell, Linux, Microsoft | 3 Networker, Linux Kernel, Windows | 2025-02-07 | 7.8 High |
| Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | ||||
| CVE-2023-27497 | 2 Microsoft, Sap | 2 Windows, Diagnostics Agent | 2025-02-07 | 10 Critical |
| Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system. | ||||
| CVE-2024-20765 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-02-07 | 7.8 High |
| Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2020-0601 | 2 Golang, Microsoft | 5 Go, Windows, Windows 10 and 2 more | 2025-02-07 | 8.1 High |
| A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'. | ||||
| CVE-2012-1535 | 7 Adobe, Apple, Linux and 4 more | 10 Flash Player, Mac Os X, Linux Kernel and 7 more | 2025-02-07 | 7.8 High |
| Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document. | ||||
| CVE-2016-9079 | 5 Debian, Microsoft, Mozilla and 2 more | 12 Debian Linux, Windows, Firefox and 9 more | 2025-02-07 | 7.5 High |
| A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. | ||||
| CVE-2023-47039 | 3 Microsoft, Perl, Redhat | 3 Windows, Perl, Enterprise Linux | 2025-02-07 | 7.8 High |
| A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations. | ||||
| CVE-2022-23748 | 2 Audinate, Microsoft | 2 Dante Application Library, Windows | 2025-02-07 | 7.8 High |
| mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files. | ||||
| CVE-2020-5741 | 2 Microsoft, Plex | 2 Windows, Media Server | 2025-02-06 | 7.2 High |
| Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. | ||||
| CVE-2017-12615 | 4 Apache, Microsoft, Netapp and 1 more | 24 Tomcat, Windows, 7-mode Transition Tool and 21 more | 2025-02-06 | 8.1 High |
| When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. | ||||
| CVE-2022-44512 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-02-06 | 7.8 High |
| Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-44513 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-02-06 | 7.8 High |
| Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-44514 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-02-06 | 7.8 High |
| Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-44518 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-02-06 | 7.8 High |
| Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||