Search
Total
6341 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28841 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-06-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28840 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-06-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28839 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-06-25 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28845 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-06-24 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28225 | 2 Microsoft, Yandex | 2 Windows, Yandex Browser | 2022-06-24 | 7.2 HIGH | 7.8 HIGH |
| Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process. | |||||
| CVE-2021-40776 | 3 Adobe, Apple, Microsoft | 3 Lightroom, Macos, Windows | 2022-06-24 | 6.6 MEDIUM | 6.1 MEDIUM |
| Adobe Lightroom Classic 10.3 (and earlier) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability. | |||||
| CVE-2022-30647 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2022-06-24 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30648 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2022-06-24 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30649 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2022-06-24 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30666 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2022-06-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30668 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2022-06-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30667 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2022-06-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-30669 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2022-06-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28846 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-06-24 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28847 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-06-24 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28848 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-06-24 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28849 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-06-24 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28850 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-06-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-42735 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2022-06-24 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Photoshop version 22.5.1 (and earlier versions ) is affected by an Access of Memory Location After End of Buffer vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-25261 | 2 Microsoft, Yandex | 2 Windows, Yandex Browser | 2022-06-24 | 7.2 HIGH | 7.8 HIGH |
| Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process. | |||||
| CVE-2022-28330 | 2 Apache, Microsoft | 2 Http Server, Windows | 2022-06-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. | |||||
| CVE-2021-42732 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2022-06-24 | 6.8 MEDIUM | 7.8 HIGH |
| Access of Memory Location After End of Buffer (CWE-788) | |||||
| CVE-2021-40727 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2022-06-24 | 9.3 HIGH | 7.8 HIGH |
| Access of Memory Location After End of Buffer (CWE-788 | |||||
| CVE-2022-26659 | 2 Docker, Microsoft | 2 Docker Desktop, Windows | 2022-06-23 | 3.6 LOW | 7.1 HIGH |
| Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users. | |||||
| CVE-2022-2013 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Deploy | 2022-06-17 | 4.3 MEDIUM | 7.5 HIGH |
| In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space. | |||||
| CVE-2022-27502 | 2 Microsoft, Realvnc | 2 Windows, Vnc Server | 2022-06-17 | 7.2 HIGH | 7.8 HIGH |
| RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM. | |||||
| CVE-2022-30703 | 2 Microsoft, Trendmicro | 2 Windows, Security | 2022-06-16 | 4.6 MEDIUM | 7.8 HIGH |
| Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation. | |||||
| CVE-2022-30702 | 2 Microsoft, Trendmicro | 2 Windows, Security | 2022-06-16 | 2.1 LOW | 5.5 MEDIUM |
| Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine. | |||||
| CVE-2022-1992 | 2 Gogs, Microsoft | 2 Gogs, Windows | 2022-06-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. | |||||
| CVE-2009-3732 | 2 Microsoft, Vmware | 5 Windows, Ace, Player and 2 more | 2022-06-15 | 10.0 HIGH | N/A |
| Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2022-29594 | 2 Eginnovations, Microsoft | 5 Eg Agent, Eg Manager, Eg Rum Collectors and 2 more | 2022-06-13 | 7.2 HIGH | 7.8 HIGH |
| eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM. | |||||
| CVE-2022-22977 | 2 Microsoft, Vmware | 2 Windows, Tools | 2022-06-09 | 3.6 LOW | 7.1 HIGH |
| VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure. | |||||
| CVE-2022-30701 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2022-06-08 | 7.2 HIGH | 7.8 HIGH |
| An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2022-30700 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2022-06-08 | 7.2 HIGH | 7.8 HIGH |
| An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2022-30687 | 2 Microsoft, Trendmicro | 2 Windows, Maximum Security 2022 | 2022-06-08 | 6.6 MEDIUM | 7.1 HIGH |
| Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files. | |||||
| CVE-2022-28875 | 3 Apple, F-secure, Microsoft | 9 Macos, Atlant, Cloud Protection For Salesforce and 6 more | 2022-06-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker. | |||||
| CVE-2022-28944 | 2 Emcosoftware, Microsoft | 9 Msi Package Builder, Network Inventory, Network Software Scanner and 6 more | 2022-06-07 | 6.8 MEDIUM | 8.8 HIGH |
| Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network Inventory for Windows 5.8.22 and Network Software Scanner for Windows 2.0.8 and UnLock IT for Windows 6.1.1. The impact is: execute arbitrary code (remote). The component is: Updater. The attack vector is: To exploit this vulnerability, a user must trigger an update of an affected installation of EMCO Software. ¶¶ Multiple products from EMCO Software are affected by a remote code execution vulnerability during the update process. | |||||
| CVE-2010-0129 | 3 Adobe, Apple, Microsoft | 3 Shockwave Player, Macos, Windows | 2022-06-07 | 9.3 HIGH | 8.8 HIGH |
| Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error. | |||||
| CVE-2022-29376 | 2 Apachefriends, Microsoft | 2 Xampp, Windows | 2022-06-07 | 6.5 MEDIUM | 8.8 HIGH |
| Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory. | |||||
| CVE-2022-28874 | 4 Apple, F-secure, Microsoft and 1 more | 7 Macos, Atlant, Elements Endpoint Protection and 4 more | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker. | |||||
| CVE-2021-42733 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2022-06-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2011-4372 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Reader, Macos and 1 more | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373. | |||||
| CVE-2011-4373 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Reader, Macos and 1 more | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372. | |||||
| CVE-2022-25365 | 2 Docker, Microsoft | 2 Docker, Windows | 2022-06-03 | 4.6 MEDIUM | 7.8 HIGH |
| Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774. | |||||
| CVE-2021-26630 | 2 Handysoft, Microsoft | 2 Groupware, Windows | 2022-06-01 | 7.5 HIGH | 9.8 CRITICAL |
| Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function. | |||||
| CVE-2022-30994 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2022-06-01 | 5.0 MEDIUM | 7.5 HIGH |
| Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240 | |||||
| CVE-2022-30991 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2022-06-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 | |||||
| CVE-2022-30993 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2022-06-01 | 5.0 MEDIUM | 7.5 HIGH |
| Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 | |||||
| CVE-2022-30992 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2022-06-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 | |||||
| CVE-2022-30990 | 3 Acronis, Linux, Microsoft | 4 Agent, Cyber Protect, Linux Kernel and 1 more | 2022-06-01 | 5.0 MEDIUM | 7.5 HIGH |
| Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037 | |||||