Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
9373 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2162 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-11-21 | 8.8 High |
| Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page. | ||||
| CVE-2022-2160 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page. | ||||
| CVE-2022-2075 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | 7.5 High |
| In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation. | ||||
| CVE-2022-2074 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | 7.5 High |
| In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template. | ||||
| CVE-2022-2049 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | 7.5 High |
| In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function. | ||||
| CVE-2022-2013 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Deploy | 2024-11-21 | 7.5 High |
| In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space. | ||||
| CVE-2022-29804 | 2 Golang, Microsoft | 2 Go, Windows | 2024-11-21 | 7.5 High |
| Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack. | ||||
| CVE-2022-29594 | 2 Eginnovations, Microsoft | 5 Eg Agent, Eg Manager, Eg Rum Collectors and 2 more | 2024-11-21 | 7.8 High |
| eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM. | ||||
| CVE-2022-29583 | 2 Microsoft, Service Project | 2 Windows, Service | 2024-11-21 | 7.8 High |
| service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory. NOTE: this finding could not be reproduced by its original reporter or by others. | ||||
| CVE-2022-28944 | 2 Emcosoftware, Microsoft | 9 Msi Package Builder, Network Inventory, Network Software Scanner and 6 more | 2024-11-21 | 8.8 High |
| Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network Inventory for Windows 5.8.22 and Network Software Scanner for Windows 2.0.8 and UnLock IT for Windows 6.1.1. The impact is: execute arbitrary code (remote). The component is: Updater. The attack vector is: To exploit this vulnerability, a user must trigger an update of an affected installation of EMCO Software. ΒΆΒΆ Multiple products from EMCO Software are affected by a remote code execution vulnerability during the update process. | ||||
| CVE-2022-28883 | 3 Apple, F-secure, Microsoft | 9 Macos, Atlant, Cloud Protection For Salesforce and 6 more | 2024-11-21 | 3.5 Low |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker. | ||||
| CVE-2022-28882 | 3 Apple, F-secure, Microsoft | 9 Macos, Atlant, Cloud Protection For Salesforce and 6 more | 2024-11-21 | 4.3 Medium |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker. | ||||
| CVE-2022-28881 | 3 Apple, F-secure, Microsoft | 10 Macos, Atlant, Cloud Protection For Salesforce and 7 more | 2024-11-21 | 4.3 Medium |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash. The exploit can be triggered remotely by an attacker. | ||||
| CVE-2022-28880 | 3 Apple, F-secure, Microsoft | 10 Macos, Atlant, Cloud Protection For Salesforce and 7 more | 2024-11-21 | 4.3 Medium |
| A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker. | ||||
| CVE-2022-28878 | 3 Apple, F-secure, Microsoft | 9 Macos, Atlant, Cloud Protection For Salesforce and 6 more | 2024-11-21 | 4.3 Medium |
| A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine. | ||||
| CVE-2022-28877 | 2 F-secure, Microsoft | 2 Elements Endpoint Protection, Windows | 2024-11-21 | 4.3 Medium |
| This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure & WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation. | ||||
| CVE-2022-28876 | 3 Apple, F-secure, Microsoft | 8 Macos, Atlant, Cloud Protection For Salesforce and 5 more | 2024-11-21 | 4.3 Medium |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit can be triggered remotely by an attacker. | ||||
| CVE-2022-28875 | 3 Apple, F-secure, Microsoft | 9 Macos, Atlant, Cloud Protection For Salesforce and 6 more | 2024-11-21 | 4.3 Medium |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker. | ||||
| CVE-2022-28874 | 4 Apple, F-secure, Microsoft and 1 more | 7 Macos, Atlant, Elements Endpoint Protection and 4 more | 2024-11-21 | 4.3 Medium |
| Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker. | ||||
| CVE-2022-28871 | 3 Apple, F-secure, Microsoft | 4 Mac Os X, Macos, Atlant and 1 more | 2024-11-21 | 4.3 Medium |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products while scanning larger packages/fuzzed files consume too much memory eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker. | ||||