Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 21519 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1794 2 Codesys, Microsoft 2 Opc Da Server, Windows 2024-11-21 4.7 MEDIUM 5.5 MEDIUM
The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system.
CVE-2022-1316 2 Microsoft, Zerotier 2 Windows, Zerotierone 2024-11-21 7.2 HIGH 8.8 HIGH
Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation
CVE-2022-1128 2 Google, Microsoft 2 Chrome, Windows 2024-11-21 N/A 6.5 MEDIUM
Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.
CVE-2022-0883 2 Microsoft, Snowsoftware 2 Windows, Snow License Manager 2024-11-21 4.6 MEDIUM 7.3 HIGH
SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched.
CVE-2022-0807 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2022-0806 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page.
CVE-2022-0805 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
CVE-2022-0804 4 Apple, Google, Linux and 1 more 5 Macos, Android, Chrome and 2 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-0803 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-0802 4 Apple, Google, Linux and 1 more 5 Macos, Android, Chrome and 2 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-0799 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.
CVE-2022-0798 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
CVE-2022-0797 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
CVE-2022-0796 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0791 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions.
CVE-2022-0483 2 Acronis, Microsoft 2 Vss Doctor, Windows 2024-11-21 4.6 MEDIUM 7.8 HIGH
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53
CVE-2022-0337 2 Google, Microsoft 2 Chrome, Windows 2024-11-21 N/A 6.5 MEDIUM
Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security severity: High)
CVE-2022-0280 2 Mcafee, Microsoft 2 Total Protection, Windows 2024-11-21 3.3 LOW 7.5 HIGH
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.
CVE-2022-0029 2 Microsoft, Paloaltonetworks 2 Windows, Cortex Xdr Agent 2024-11-21 N/A 5.5 MEDIUM
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.
CVE-2022-0026 2 Microsoft, Paloaltonetworks 2 Windows, Cortex Xdr Agent 2024-11-21 7.2 HIGH 6.7 MEDIUM
A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version.