Filtered by vendor Microsoft
Subscribe
Search
Total
16927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44699 | 3 Adobe, Apple, Microsoft | 3 Audition, Macos, Windows | 2021-12-23 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file. | |||||
| CVE-2021-40784 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2021-12-23 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-40783 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2021-12-23 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-44182 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2021-12-22 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SVG file. | |||||
| CVE-2021-44180 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2021-12-22 | 9.3 HIGH | 7.8 HIGH |
| Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF file. | |||||
| CVE-2021-44179 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2021-12-22 | 9.3 HIGH | 7.8 HIGH |
| Adobe Dimension versions 3.4.3 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-44181 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2021-12-22 | 9.3 HIGH | 7.8 HIGH |
| Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF file. | |||||
| CVE-2021-44183 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2021-12-22 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file. | |||||
| CVE-2021-43763 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2021-12-22 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file. | |||||
| CVE-2021-43750 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2021-12-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-43749 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2021-12-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-43748 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2021-12-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-43028 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2021-12-22 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-43029 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2021-12-22 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-43026 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2021-12-22 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-43025 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2021-12-22 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-43023 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2021-12-22 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious EPS/TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-43022 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2021-12-22 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious PNG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-43021 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2021-12-22 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious EXR file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2020-19316 | 2 Laravel, Microsoft | 2 Framework, Windows | 2021-12-22 | 6.8 MEDIUM | 8.8 HIGH |
| OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17. | |||||
| CVE-2021-43747 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2021-12-21 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-44023 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ Security 2021, Internet Security 2021 and 2 more | 2021-12-20 | 3.6 LOW | 7.1 HIGH |
| A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service. | |||||
| CVE-2021-43325 | 2 Automox, Microsoft | 2 Automox, Windows | 2021-12-17 | 4.6 MEDIUM | 7.8 HIGH |
| Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression. | |||||
| CVE-2021-40827 | 2 Clementine-player, Microsoft | 2 Clementine, Windows | 2021-12-17 | 6.8 MEDIUM | 7.8 HIGH |
| Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) is vulnerable to a Read Access Violation on Block Data Move, affecting the MP3 file parsing functionality at memcpy+0x265. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user. | |||||
| CVE-2014-2815 | 1 Microsoft | 1 Onenote | 2021-12-16 | 9.3 HIGH | 8.8 HIGH |
| Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Execution Vulnerability." | |||||
| CVE-2010-1290 | 3 Adobe, Apple, Microsoft | 3 Shockwave Player, Macos, Windows | 2021-12-16 | 9.3 HIGH | N/A |
| Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1291. | |||||
| CVE-2020-5741 | 2 Microsoft, Plex | 2 Windows, Media Server | 2021-12-14 | 6.5 MEDIUM | 7.2 HIGH |
| Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. | |||||
| CVE-2021-31850 | 2 Mcafee, Microsoft | 2 Database Security, Windows | 2021-12-14 | 5.5 MEDIUM | 6.5 MEDIUM |
| A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of directories and files in Windows system directories and other locations where sensitive data could be overwritten. The former could lead to a DoS, whilst the latter could lead to data destruction on the DBS server. | |||||
| CVE-2007-5277 | 1 Microsoft | 1 Internet Explorer | 2021-12-13 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80, a different issue than CVE-2006-4560. | |||||
| CVE-2007-5158 | 1 Microsoft | 1 Internet Explorer | 2021-12-13 | 4.3 MEDIUM | N/A |
| The focus handling for the onkeydown event in Microsoft Internet Explorer 6.0 allows remote attackers to change field focus and copy keystrokes via a certain use of a JavaScript htmlFor attribute, as demonstrated by changing focus from a textarea to a file upload field, a related issue to CVE-2007-3511. | |||||
| CVE-2006-7066 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2021-12-13 | 7.1 HIGH | N/A |
| Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected. | |||||
| CVE-2007-1094 | 1 Microsoft | 1 Internet Explorer | 2021-12-13 | 7.8 HIGH | N/A |
| Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document. | |||||
| CVE-2007-3092 | 1 Microsoft | 1 Internet Explorer | 2021-12-13 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks. | |||||
| CVE-2006-5162 | 1 Microsoft | 1 Internet Explorer | 2021-12-13 | 5.0 MEDIUM | N/A |
| wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow. | |||||
| CVE-2006-3899 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2021-12-13 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen function. | |||||
| CVE-2006-3898 | 1 Microsoft | 1 Internet Explorer | 2021-12-13 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the Click method of the Internet.HHCtrl.1 ActiveX object before initializing the URL, which triggers a null dereference. | |||||
| CVE-2006-3605 | 1 Microsoft | 1 Internet Explorer | 2021-12-13 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Transition property on an uninitialized DXImageTransform.Microsoft.RevealTrans.1 ActiveX Object, which triggers a null dereference. | |||||
| CVE-2006-3427 | 1 Microsoft | 1 Internet Explorer | 2021-12-13 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by declaring the sourceURL attribute on an uninitialized DirectAnimation.StructuredGraphicsControl ActiveX Object, which triggers a null dereference. | |||||
| CVE-2006-3591 | 1 Microsoft | 1 Internet Explorer | 2021-12-13 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the URL property of a TriEditDocument.TriEditDocument object before it has been initialized, which triggers a NULL pointer dereference. | |||||
| CVE-2006-3729 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2021-12-13 | 2.6 LOW | N/A |
| DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office installed allows remote attackers to cause a denial of service (crash) via a large negative integer argument to the getDataMemberName method of a OWC11.DataSourceControl.11 object, which leads to an integer overflow and a null dereference. | |||||
| CVE-2006-3512 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2021-12-13 | 5.0 MEDIUM | N/A |
| Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) by setting the Enabled property of a DXTFilter ActiveX object to true, which triggers a null dereference. | |||||
| CVE-2021-42835 | 2 Microsoft, Plex | 2 Windows, Media Server | 2021-12-13 | 6.9 MEDIUM | 7.0 HIGH |
| An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. An attacker (with a foothold in a endpoint via a low-privileged user account) can access the exposed RPC service of the update service component. This RPC functionality allows the attacker to interact with the RPC functionality and execute code from a path of his choice (local, or remote via SMB) because of a TOCTOU race condition. This code execution is in the context of the Plex update service (which runs as SYSTEM). | |||||
| CVE-2019-20406 | 2 Atlassian, Microsoft | 3 Confluence, Confluence Server, Windows | 2021-12-13 | 4.4 MEDIUM | 7.8 HIGH |
| The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a DLL file in a directory in the global path environmental variable variable to inject code & escalate their privileges via a DLL hijacking vulnerability. | |||||
| CVE-2006-3511 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2021-12-10 | 5.0 MEDIUM | N/A |
| Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the fonts property of the HtmlDlgSafeHelper object, which triggers a null dereference. | |||||
| CVE-2006-3897 | 1 Microsoft | 2 Internet Explorer, Windows 2000 | 2021-12-10 | 5.0 MEDIUM | N/A |
| Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property. | |||||
| CVE-2021-21157 | 4 Fedoraproject, Google, Linux and 1 more | 5 Fedora, Chrome, Linux Kernel and 2 more | 2021-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-21155 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2021-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
| Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-21150 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2021-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-24421 | 2 Adobe, Microsoft | 2 Indesign, Windows | 2021-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is required to exploit this issue. | |||||
| CVE-2021-21096 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2021-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Improper Authorization vulnerability in the Genuine Software Service. A low-privileged attacker could leverage this vulnerability to achieve application denial-of-service in the context of the current user. Exploitation of this issue does not require user interaction. | |||||