Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
7760 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2316 | 3 Linux, Microsoft, Typora | 3 Linux Kernel, Windows, Typora | 2024-11-21 | 7.4 High |
| Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora. | ||||
| CVE-2023-2270 | 2 Microsoft, Netskope | 2 Windows, Netskope | 2024-11-21 | 7 High |
| The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration files on the machine. This relative path provided a way for local users to write arbitrary files at a location which is accessible to only higher privileged users. This can be exploited by local users to execute code with NT\SYSTEM privileges on the end machine. | ||||
| CVE-2023-2110 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2024-11-21 | 8.2 High |
| Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies text from a malicious webpage and paste it into Obsidian. | ||||
| CVE-2023-29486 | 3 Apple, Heimdalsecurity, Microsoft | 3 Macos, Thor, Windows | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component. NOTE: Heimdal argues that the limitation described here is a Microsoft Windows issue, not a Heimdal specific vulnerability. The USB control solution by Heimdal is meant to manage Microsoft Windows native USB restrictions. They maintain that their solution functions as a management layer over Windows settings and is not to blame for limitations in Windows' detection capabilities. | ||||
| CVE-2023-29485 | 3 Apple, Heimdalsecurity, Microsoft | 3 Macos, Thor, Windows | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention module. NOTE: Heimdal disputes the validity of this issue arguing that their DNS Security for Endpoint filters DNS traffic on the endpoint by intercepting system-generated DNS requests. The product was not designed to intercept DNS requests from third-party solutions. | ||||
| CVE-2023-29320 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 7.8 High |
| Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Violation of Secure Design Principles vulnerability that could result in arbitrary code execution in the context of the current user by bypassing the API blacklisting feature. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-29319 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | 5.5 Medium |
| Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-29318 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | 5.5 Medium |
| Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-29317 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | 5.5 Medium |
| Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-29316 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | 5.5 Medium |
| Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-29315 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | 5.5 Medium |
| Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-29314 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | 5.5 Medium |
| Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-29313 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | 5.5 Medium |
| Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-29312 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | 5.5 Medium |
| Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-29311 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | 5.5 Medium |
| Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-29310 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | 5.5 Medium |
| Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-29309 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | 5.5 Medium |
| Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-29308 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-21 | 7.8 High |
| Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-29303 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 5.5 Medium |
| Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-29299 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 4.7 Medium |
| Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Untrusted Search Path vulnerability that could lead to Application denial-of-service. An attacker could leverage this vulnerability if the default PowerShell Set-ExecutionPolicy is set to Unrestricted, making the attack complexity high. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||