Filtered by vendor Microsoft
Subscriptions
Total
22113 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20206 | 2 Cisco, Microsoft | 2 Secure Client, Windows | 2025-07-22 | 7.1 High |
| A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to a specific Cisco Secure Client process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid user credentials on the Windows system. | ||||
| CVE-2024-20391 | 2 Cisco, Microsoft | 2 Secure Client, Windows | 2025-07-22 | 6.8 Medium |
| A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device. | ||||
| CVE-2024-20337 | 4 Apple, Cisco, Linux and 1 more | 4 Macos, Secure Client, Linux Kernel and 1 more | 2025-07-22 | 8.2 High |
| A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access. | ||||
| CVE-2022-47213 | 1 Microsoft | 1 365 Apps | 2025-07-22 | 7.8 High |
| Microsoft Office Graphics Remote Code Execution Vulnerability | ||||
| CVE-2022-47212 | 1 Microsoft | 1 365 Apps | 2025-07-22 | 7.8 High |
| Microsoft Office Graphics Remote Code Execution Vulnerability | ||||
| CVE-2022-47211 | 1 Microsoft | 1 365 Apps | 2025-07-22 | 7.8 High |
| Microsoft Office Graphics Remote Code Execution Vulnerability | ||||
| CVE-2022-44713 | 1 Microsoft | 2 Office, Office Long Term Servicing Channel | 2025-07-22 | 7.5 High |
| Microsoft Outlook for Mac Spoofing Vulnerability | ||||
| CVE-2022-44710 | 1 Microsoft | 1 Windows 11 | 2025-07-22 | 7.8 High |
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2022-44699 | 1 Microsoft | 1 Azure Network Watcher Agent | 2025-07-22 | 5.5 Medium |
| Azure Network Watcher Agent Security Feature Bypass Vulnerability | ||||
| CVE-2022-44689 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2019 and 2 more | 2025-07-22 | 7.8 High |
| Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2022-44687 | 1 Microsoft | 3 Raw Image Extension, Windows 10, Windows 11 | 2025-07-22 | 7.8 High |
| Raw Image Extension Remote Code Execution Vulnerability | ||||
| CVE-2022-44671 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2019 and 1 more | 2025-07-22 | 7.8 High |
| Windows Graphics Component Elevation of Privilege Vulnerability | ||||
| CVE-2022-44670 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-07-22 | 8.1 High |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | ||||
| CVE-2022-44669 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2019 and 1 more | 2025-07-22 | 7 High |
| Windows Error Reporting Elevation of Privilege Vulnerability | ||||
| CVE-2022-41121 | 1 Microsoft | 12 Powershell, Remote Desktop Client, Windows 10 and 9 more | 2025-07-22 | 7.8 High |
| Windows Graphics Component Elevation of Privilege Vulnerability | ||||
| CVE-2022-41077 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-07-22 | 7.8 High |
| Windows Fax Compose Form Elevation of Privilege Vulnerability | ||||
| CVE-2022-41115 | 1 Microsoft | 1 Edge Chromium | 2025-07-22 | 6.6 Medium |
| Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability | ||||
| CVE-2022-41076 | 1 Microsoft | 11 Powershell, Windows 10, Windows 11 and 8 more | 2025-07-22 | 8.5 High |
| PowerShell Remote Code Execution Vulnerability | ||||
| CVE-2022-41074 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2025-07-22 | 5.5 Medium |
| Windows Graphics Component Information Disclosure Vulnerability | ||||
| CVE-2022-41094 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more | 2025-07-22 | 7.8 High |
| Windows Hyper-V Elevation of Privilege Vulnerability | ||||