Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
7785 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0002 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2025-03-25 | 5.5 Medium |
| A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. | ||||
| CVE-2023-23475 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-03-25 | 4.6 Medium |
| IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245423. | ||||
| CVE-2022-42436 | 4 Ibm, Linux, Microsoft and 1 more | 7 Aix, I, Linux On Ibm Z and 4 more | 2025-03-25 | 4 Medium |
| IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206. | ||||
| CVE-2022-35720 | 3 Ibm, Linux, Microsoft | 6 Aix, Linux On Ibm Z, Sterling External Authentication Server and 3 more | 2025-03-25 | 2.3 Low |
| IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373. | ||||
| CVE-2022-34362 | 3 Ibm, Linux, Microsoft | 5 Aix, Linux On Ibm Z, Sterling Secure Proxy and 2 more | 2025-03-24 | 4.6 Medium |
| IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523. | ||||
| CVE-2023-0575 | 4 Apple, Linux, Microsoft and 1 more | 5 Iphone Os, Macos, Linux Kernel and 2 more | 2025-03-24 | 7.2 High |
| External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.0.0 | ||||
| CVE-2016-9079 | 5 Debian, Microsoft, Mozilla and 2 more | 11 Debian Linux, Windows, Firefox and 8 more | 2025-03-21 | 7.5 High |
| A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. | ||||
| CVE-2024-5591 | 3 Ibm, Linux, Microsoft | 3 Jazz Foundation, Linux Kernel, Windows | 2025-03-21 | 4.3 Medium |
| IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||
| CVE-2024-41780 | 3 Ibm, Linux, Microsoft | 3 Jazz Foundation, Linux Kernel, Windows | 2025-03-21 | 4.2 Medium |
| IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could could allow a physical user to obtain sensitive information due to not masking passwords during entry. | ||||
| CVE-2022-45454 | 2 Acronis, Microsoft | 3 Agent, Cyber Protect, Windows | 2025-03-21 | 7.5 High |
| Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984. | ||||
| CVE-2022-45455 | 2 Acronis, Microsoft | 4 Agent, Cyber Protect, Cyber Protect Home Office and 1 more | 2025-03-21 | 7.8 High |
| Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984. | ||||
| CVE-2024-41768 | 3 Ibm, Linux, Microsoft | 4 Engineering Lifecycle Optimization - Publishing, Engineering Lifecycle Optimization Publishing, Linux Kernel and 1 more | 2025-03-21 | 6.5 Medium |
| IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state. | ||||
| CVE-2024-41767 | 3 Ibm, Linux, Microsoft | 4 Engineering Lifecycle Optimization - Publishing, Engineering Lifecycle Optimization Publishing, Linux Kernel and 1 more | 2025-03-21 | 7.3 High |
| IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. | ||||
| CVE-2024-41766 | 3 Ibm, Linux, Microsoft | 4 Engineering Lifecycle Optimization - Publishing, Engineering Lifecycle Optimization Publishing, Linux Kernel and 1 more | 2025-03-21 | 7.5 High |
| IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression. | ||||
| CVE-2024-41765 | 3 Ibm, Linux, Microsoft | 4 Engineering Lifecycle Optimization - Publishing, Engineering Lifecycle Optimization Publishing, Linux Kernel and 1 more | 2025-03-21 | 6.5 Medium |
| IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||||
| CVE-2024-41763 | 3 Ibm, Linux, Microsoft | 4 Engineering Lifecycle Optimization - Publishing, Engineering Lifecycle Optimization Publishing, Linux Kernel and 1 more | 2025-03-21 | 5.9 Medium |
| IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2023-0132 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-03-20 | 6.5 Medium |
| Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2020-5741 | 2 Microsoft, Plex | 2 Windows, Media Server | 2025-03-19 | 7.2 High |
| Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. | ||||
| CVE-2023-23459 | 2 Microsoft, Priority-software | 2 Windows, Priority | 2025-03-19 | 9.1 Critical |
| Priority Windows may allow Command Execution via SQL Injection using an unspecified method. | ||||
| CVE-2023-22368 | 2 Elecom, Microsoft | 3 Camera Assistant, Quickfiledealer, Windows | 2025-03-19 | 7.8 High |
| Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||