Filtered by vendor Microsoft
Total: 21581 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-26783 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | |||||
CVE-2022-26659 | 2 Docker, Microsoft | 2 Docker Desktop, Windows | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users. | |||||
CVE-2022-26629 | 3 Linux, Microsoft, Splus | 3 Linux Kernel, Windows, Soroushplus | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker to bypass the lock screen function. | |||||
CVE-2022-26612 | 2 Apache, Microsoft | 2 Hadoop, Windows | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In Apache Hadoop, the unTar function uses the unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This, however, would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However, on Windows, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links, which allows writing outside the expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3. | |||||
CVE-2022-26509 | 3 Intel, Linux, Microsoft | 3 Sgx Sdk, Linux Kernel, Windows | 2024-11-21 | N/A | 2.5 LOW |
Improper conditions check in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access. | |||||
CVE-2022-26503 | 2 Microsoft, Veeam | 2 Windows, Veeam | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges. | |||||
CVE-2022-26488 | 3 Microsoft, Netapp, Python | 4 Windows, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 1 more | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2. | |||||
CVE-2022-26240 | 2 Beckmancoulter, Microsoft | 2 Remisol Advance, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
The default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. | |||||
CVE-2022-26239 | 2 Beckmancoulter, Microsoft | 2 Remisol Advance, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
The default privileges for the running service Normand License Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow unprivileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. | |||||
CVE-2022-26238 | 2 Beckmancoulter, Microsoft | 2 Remisol Advance, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
The default privileges for the running service Normand Service Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. | |||||
CVE-2022-26237 | 2 Beckmancoulter, Microsoft | 2 Remisol Advance, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. | |||||
CVE-2022-26236 | 2 Beckmancoulter, Microsoft | 2 Remisol Advance, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
The default privileges for the running service Normand Remisol Advance Launcher in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data. | |||||
CVE-2022-26184 | 2 Microsoft, Python-poetry | 2 Windows, Poetry | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the application is run on Windows OS. | |||||
CVE-2022-26183 | 2 Microsoft, Pnpm | 2 Windows, Pnpm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content. This vulnerability occurs when the application is run on Windows OS. | |||||
CVE-2022-25865 | 1 Microsoft | 1 Workspace-tools | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
The package workspace-tools before 0.18.4 is vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. | |||||
CVE-2022-25641 | 2 Foxit, Microsoft | 4 Pdf Editor, Pdf Reader, Phantompdf and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack. | |||||
CVE-2022-25372 | 2 Microsoft, Pritunl | 2 Windows, Pritunl-client-electron | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go. | |||||
CVE-2022-25365 | 2 Docker, Microsoft | 2 Docker, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774. | |||||
CVE-2022-25348 | 2 Hibara, Microsoft | 2 Attachecase, Windows | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2022-25331 | 2 Microsoft, Trendmicro | 4 Windows, Serverprotect, Serverprotect For Network Appliance Filer and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process. |