Filtered by vendor Microsoft
Subscribe
Total
21680 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30196 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2019 and 1 more | 2024-11-21 | N/A | 8.2 HIGH |
| Windows Secure Channel Denial of Service Vulnerability | |||||
| CVE-2022-30187 | 1 Microsoft | 2 Azure Storage Blobs, Azure Storage Queue | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| Azure Storage Library Information Disclosure Vulnerability | |||||
| CVE-2022-30181 | 1 Microsoft | 1 Azure Site Recovery | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| Azure Site Recovery Elevation of Privilege Vulnerability | |||||
| CVE-2022-30170 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | N/A | 7.3 HIGH |
| Windows Credential Roaming Service Elevation of Privilege Vulnerability | |||||
| CVE-2022-30144 | 1 Microsoft | 4 Windows 10, Windows 11, Windows 8.1 and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| Windows Bluetooth Service Remote Code Execution Vulnerability | |||||
| CVE-2022-30134 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A | 6.5 MEDIUM |
| Microsoft Exchange Server Information Disclosure Vulnerability | |||||
| CVE-2022-30133 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | |||||
| CVE-2022-30130 | 1 Microsoft | 11 .net Framework, Windows 10, Windows 11 and 8 more | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| .NET Framework Denial of Service Vulnerability | |||||
| CVE-2022-30055 | 2 Mersenne, Microsoft | 2 Prime95, Windows | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution. | |||||
| CVE-2022-2622 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
| Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. | |||||
| CVE-2022-2330 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly. | |||||
| CVE-2022-2188 | 2 Mcafee, Microsoft | 2 Data Exchange Layer, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
| Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker. | |||||
| CVE-2022-2170 | 1 Microsoft | 1 Microsoft Advertising Universal Event Tracking | 2024-11-21 | N/A | 4.8 MEDIUM |
| The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage. | |||||
| CVE-2022-2162 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-11-21 | N/A | 8.8 HIGH |
| Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page. | |||||
| CVE-2022-2160 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page. | |||||
| CVE-2022-2075 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | N/A | 7.5 HIGH |
| In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation. | |||||
| CVE-2022-2074 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | N/A | 7.5 HIGH |
| In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template. | |||||
| CVE-2022-2049 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | N/A | 7.5 HIGH |
| In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function. | |||||
| CVE-2022-2013 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Deploy | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space. | |||||
| CVE-2022-29804 | 2 Golang, Microsoft | 2 Go, Windows | 2024-11-21 | N/A | 7.5 HIGH |
| Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack. | |||||