Filtered by vendor Microsoft
Subscribe
Total
22989 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23391 | 1 Microsoft | 1 Office | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Office for Android Spoofing Vulnerability
|
|||||
| CVE-2023-23390 | 1 Microsoft | 1 3d Builder | 2024-11-21 | N/A | 7.8 HIGH |
|
3D Builder Remote Code Execution Vulnerability
|
|||||
| CVE-2023-23389 | 1 Microsoft | 1 Malware Protection Engine | 2024-11-21 | N/A | 6.3 MEDIUM |
|
Microsoft Defender Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-23388 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Windows Bluetooth Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-23385 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 7.0 HIGH |
|
Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-23384 | 1 Microsoft | 1 Sql Server | 2024-11-21 | N/A | 7.3 HIGH |
|
Microsoft SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2023-23383 | 1 Microsoft | 1 Azure Service Fabric | 2024-11-21 | N/A | 8.2 HIGH |
|
Service Fabric Explorer Spoofing Vulnerability
|
|||||
| CVE-2023-23382 | 1 Microsoft | 1 Azure Machine Learning | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Azure Machine Learning Compute Instance Information Disclosure Vulnerability
|
|||||
| CVE-2023-23381 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2024-11-21 | N/A | 7.8 HIGH |
|
Visual Studio Remote Code Execution Vulnerability
|
|||||
| CVE-2023-23379 | 1 Microsoft | 1 Defender For Iot | 2024-11-21 | N/A | 7.8 HIGH |
|
Microsoft Defender for IoT Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-23378 | 1 Microsoft | 1 Print 3d | 2024-11-21 | N/A | 7.8 HIGH |
|
Print 3D Remote Code Execution Vulnerability
|
|||||
| CVE-2023-23377 | 1 Microsoft | 1 3d Builder | 2024-11-21 | N/A | 7.8 HIGH |
|
3D Builder Remote Code Execution Vulnerability
|
|||||
| CVE-2023-23375 | 1 Microsoft | 2 Odbc, Ole Db | 2024-11-21 | N/A | 7.8 HIGH |
|
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
|
|||||
| CVE-2023-23208 | 3 Genesys, Linux, Microsoft | 3 Administrator Extension, Linux Kernel, Windows | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261.
|
|||||
| CVE-2023-22878 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | N/A | 6.2 MEDIUM |
|
IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373.
|
|||||
| CVE-2023-22868 | 3 Ibm, Linux, Microsoft | 3 Aspera Faspex, Linux Kernel, Windows | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244117.
|
|||||
| CVE-2023-22863 | 3 Ibm, Microsoft, Redhat | 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more | 2024-11-21 | N/A | 5.9 MEDIUM |
|
IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109.
|
|||||
| CVE-2023-22663 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper authentication for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.
|
|||||
| CVE-2023-22594 | 3 Ibm, Microsoft, Redhat | 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more | 2024-11-21 | N/A | 4.6 MEDIUM |
|
IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244075.
|
|||||
| CVE-2023-22448 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access.
|
|||||
| CVE-2023-22372 | 3 Apple, F5, Microsoft | 3 Macos, Big-ip Access Policy Manager, Windows | 2024-11-21 | N/A | 5.9 MEDIUM |
|
In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
|
|||||
| CVE-2023-22337 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Improper input validation for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.
|
|||||
| CVE-2023-22310 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Race condition in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2023-22305 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2023-22292 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | N/A | 7.3 HIGH |
|
Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2023-22290 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access.
|
|||||
| CVE-2023-22285 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.
|
|||||
| CVE-2023-22275 | 2 Adobe, Microsoft | 2 Robohelp Server, Windows | 2024-11-21 | N/A | 7.5 HIGH |
|
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.
|
|||||
| CVE-2023-22274 | 2 Adobe, Microsoft | 2 Robohelp Server, Windows | 2024-11-21 | N/A | 7.5 HIGH |
|
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.
|
|||||
| CVE-2023-22273 | 2 Adobe, Microsoft | 2 Robohelp Server, Windows | 2024-11-21 | N/A | 7.2 HIGH |
|
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction.
|
|||||
| CVE-2023-22272 | 2 Adobe, Microsoft | 2 Robohelp Server, Windows | 2024-11-21 | N/A | 7.5 HIGH |
|
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.
|
|||||
| CVE-2023-22268 | 2 Adobe, Microsoft | 2 Robohelp Server, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an low-privileged authenticated attacker. Exploitation of this issue does not require user interaction.
|
|||||
| CVE-2023-22246 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-22244 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe Premiere Rush version 2.6 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-22243 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-22242 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-22241 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-22240 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-22239 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-22238 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||