Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-29326

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-14 Jun, 2023 | 14:52
Updated At-01 Jan, 2025 | 01:43
Rejected At-
Credits

.NET Framework Remote Code Execution Vulnerability

.NET Framework Remote Code Execution Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:14 Jun, 2023 | 14:52
Updated At:01 Jan, 2025 | 01:43
Rejected At:
â–¼CVE Numbering Authority (CNA)
.NET Framework Remote Code Execution Vulnerability

.NET Framework Remote Code Execution Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.5 AND 4.8
Platforms
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2022
  • Windows Server 2022 (Server Core installation)
  • Windows 11 version 21H2 for x64-based Systems
  • Windows 11 version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 Version 22H2 for x64-based Systems
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 22H2 for 32-bit Systems
Versions
Affected
  • From 4.8.0 before 4.8.4644.0 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.5 AND 4.7.2
Platforms
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)
Versions
Affected
  • From 4.7.0 before 4.7.4050.0 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
Platforms
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows Server 2016
  • Windows Server 2016 (Server Core installation)
Versions
Affected
  • From 3.0.0.0 before 10.0.14393.5989 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.5 AND 4.8.1
Platforms
  • Windows Server 2022
  • Windows Server 2022 (Server Core installation)
  • Windows 11 version 21H2 for x64-based Systems
  • Windows 11 version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 11 Version 22H2 for ARM64-based Systems
  • Windows 11 Version 22H2 for x64-based Systems
  • Windows 10 Version 22H2 for x64-based Systems
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 22H2 for 32-bit Systems
Versions
Affected
  • From 4.8.1 before 4.8.9166.0 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 2.0 Service Pack 2
Platforms
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
Versions
Affected
  • From 2.0.0 before 3.0.6920.8954; 2.0.50727.8970 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.0 Service Pack 2
Platforms
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
Versions
Affected
  • From 3.0.0 before 3.0.6920.8954; 2.0.50727.8970 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.5
Platforms
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 R2 (Server Core installation)
Versions
Affected
  • From 3.5.0 before 3.0.6920.8954; 2.0.50727.8970 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.5.1
Platforms
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Versions
Affected
  • From 3.5.0 before 3.0.6920.8954; 2.0.50727.8970 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft .NET Framework 3.5 and 4.6.2
Platforms
  • Windows 10 for 32-bit Systems
  • Windows 10 for x64-based Systems
Versions
Affected
  • From 4.7.0 before 10.0.10240.19983 (custom)
Problem Types
TypeCWE IDDescription
ImpactN/ARemote Code Execution
Type: Impact
CWE ID: N/A
Description: Remote Code Execution
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29326
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29326
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29326
vendor-advisory
x_transferred
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29326
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:14 Jun, 2023 | 15:15
Updated At:22 Jun, 2023 | 20:09

.NET Framework Remote Code Execution Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Microsoft Corporation
microsoft
>>windows_server_2008>>r2
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>.net_framework>>3.5.1
cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10_1507>>-
cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10_1507>>-
cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>.net_framework>>3.5
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.6.2
cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10_1607>>-
cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10_1607>>-
cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_10_21h2>>-
cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*
Microsoft Corporation
microsoft
>>windows_10_21h2>>-
cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10_21h2>>-
cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_10_22h2>>-
cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*
Microsoft Corporation
microsoft
>>windows_10_22h2>>-
cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10_22h2>>-
cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_11_21h2>>-
cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*
Microsoft Corporation
microsoft
>>windows_11_21h2>>-
cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_11_22h2>>-
cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*
Microsoft Corporation
microsoft
>>windows_11_22h2>>-
cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_server_2022>>-
cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>3.5
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.8.1
cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10_1607>>-
cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10_1607>>-
cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_10_1809>>-
cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10_1809>>-
cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_10_21h2>>-
cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*
Microsoft Corporation
microsoft
>>windows_10_21h2>>-
cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10_21h2>>-
cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_10_22h2>>-
cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*
Microsoft Corporation
microsoft
>>windows_10_22h2>>-
cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10_22h2>>-
cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_11_21h2>>-
cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*
Microsoft Corporation
microsoft
>>windows_11_21h2>>-
cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_11_22h2>>-
cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*
Microsoft Corporation
microsoft
>>windows_11_22h2>>-
cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_server_2019>>-
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2022>>-
cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>3.5
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.8
cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10_1809>>-
cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10_1809>>-
cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_server_2019>>-
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>3.5
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.7.2
cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10_1607>>-
cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10_1607>>-
cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_server_2016>>-
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>3.5
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.6.2
cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>.net_framework>>4.7
cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29326secure@microsoft.com
Patch
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29326
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2201Records found
CVE-2024-38171
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.47% / 64.01%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PowerPoint Remote Code Execution Vulnerability

Microsoft PowerPoint Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channelpowerpoint365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC for Mac 2021Microsoft PowerPoint 2016Microsoft Office 2019Microsoft Office LTSC 2021
CWE ID-CWE-416
Use After Free
CVE-2020-24412
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-6.65% / 91.01%
||
7 Day CHG~0.00%
Published-20 Oct, 2020 | 21:57
Updated-16 Sep, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator Memory Corruption Vulnerability

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsillustratorIllustrator
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-38169
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.52% / 66.33%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Visio Remote Code Execution Vulnerability

Microsoft Office Visio Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsofficeMicrosoft Office 2019Microsoft Office LTSC 2021Microsoft 365 Apps for Enterprise
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2012-1535
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-91.68% / 99.67%
||
7 Day CHG~0.00%
Published-15 Aug, 2012 | 10:00
Updated-22 Oct, 2025 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||The impacted product is end-of-life and should be disconnected if still in use.

Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.

Action-Not Available
Vendor-n/aSUSERed Hat, Inc.Microsoft CorporationopenSUSEAdobe Inc.Linux Kernel Organization, IncApple Inc.
Product-mac_os_xflash_playerenterprise_linux_serverwindowslinux_kernelenterprise_linux_desktopopensuselinux_enterprise_desktopenterprise_linux_workstationn/aFlash Player
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-24411
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.06% / 86.42%
||
7 Day CHG~0.00%
Published-20 Oct, 2020 | 21:55
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator PDF File Parsing Out-Of-Bounds Write Vulnerability

Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds write vulnerability when handling crafted PDF files. This could result in a write past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsillustratorIllustrator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-24424
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7||HIGH
EPSS-0.84% / 74.35%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 20:53
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Search Path in Adobe Premiere Pro for Windows

Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowspremiere_promacosPremiere
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-24420
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7||HIGH
EPSS-0.43% / 62.41%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 20:50
Updated-16 Sep, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Search Path Element in Adobe Photoshop for Windows

Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected by an uncontrolled search path element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsphotoshopPhotoshop
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-24437
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-10.03% / 92.91%
||
7 Day CHG~0.00%
Published-05 Nov, 2020 | 19:31
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader DC Use-After-Free Vulnerability Could Lead to Arbitrary Code Execution

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2020-24413
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-6.65% / 91.01%
||
7 Day CHG~0.00%
Published-20 Oct, 2020 | 21:55
Updated-16 Sep, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator Memory Corruption Vulnerability

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsillustratorIllustrator
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39843
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-31.33% / 96.65%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 15:38
Updated-17 Sep, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader XObject Out-of-Bound Write Vulnerability

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39820
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-4.65% / 89.08%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 16:53
Updated-23 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe InDesign Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution

Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) is affected by an Out-of-bounds Write vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsindesignmacosInDesign
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39816
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.63% / 81.57%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 14:35
Updated-23 Apr, 2025 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsbridgeBridge
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0151
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-89.01% / 99.51%
||
7 Day CHG~0.00%
Published-10 Apr, 2012 | 21:00
Updated-22 Oct, 2025 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-22||Apply updates per vendor instructions.

The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2003windows_server_2008windows_vistawindows_xpn/aWindows
CWE ID-CWE-20
Improper Input Validation
CVE-2022-21917
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.05% / 83.57%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:23
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HEVC Video Extensions Remote Code Execution Vulnerability

HEVC Video Extensions Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-hevc_video_extensionsHEVC Video Extensions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2012-0754
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-92.09% / 99.69%
||
7 Day CHG~0.00%
Published-16 Feb, 2012 | 19:00
Updated-17 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-22||The impacted product is end-of-life and should be disconnected if still in use.

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncMicrosoft CorporationApple Inc.Oracle CorporationGoogle LLCAdobe Inc.
Product-solariswindowslinux_kernelflash_playerandroidmac_os_xn/aFlash Player
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-24410
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.83% / 87.91%
||
7 Day CHG~0.00%
Published-20 Oct, 2020 | 21:56
Updated-16 Sep, 2024 | 22:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator PDF File Parsing Out-Of-Bounds Read Vulnerability

Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. This could result in a read past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsillustratorIllustrator
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-10198
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.98%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 17:28
Updated-20 Jan, 2026 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LizardBytes Sunshine for Windows contains a DLL search-order hijacking vulnerability

Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories.

Action-Not Available
Vendor-lizardbyteLizardByteMicrosoft Corporation
Product-sunshinewindowsSunshine for Windows
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-24414
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-6.65% / 91.01%
||
7 Day CHG~0.00%
Published-20 Oct, 2020 | 21:56
Updated-17 Sep, 2024 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator Memory Corruption Vulnerability

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsillustratorIllustrator
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2012-0014
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-52.27% / 97.85%
||
7 Day CHG~0.00%
Published-14 Feb, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-.net_frameworkwindowswindows_7windows_xpwindows_server_2008windows_server_2003silverlightwindows_vistamac_os_xn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-33133
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-35.86% / 96.98%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 23:26
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_serveroffice_long_term_servicing_channelexcel365_appsMicrosoft Excel 2013 Service Pack 1Microsoft 365 Apps for EnterpriseMicrosoft Office Online ServerMicrosoft Office 2019Microsoft Office LTSC 2021Microsoft Office 2019 for MacMicrosoft Office LTSC for Mac 2021Microsoft Excel 2016
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-39831
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-4.15% / 88.44%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 15:36
Updated-23 Apr, 2025 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe FrameMaker PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-framemakerwindowsFrameMaker
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-23390
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.90% / 75.30%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:33
Updated-01 Jan, 2025 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
3D Builder Remote Code Execution Vulnerability

3D Builder Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-3d_builder3D Builder
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-23282
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.43% / 80.38%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 17:07
Updated-08 Jul, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Paint 3D Remote Code Execution Vulnerability

Paint 3D Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-paint_3dPaint 3D
CVE-2021-38655
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-7.00% / 91.28%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:24
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_web_appsoffice_online_serverofficeexcel365_appsMicrosoft Excel 2016Microsoft 365 Apps for EnterpriseMicrosoft Excel 2013 Service Pack 1Microsoft Office Online ServerMicrosoft Office Web Apps Server 2013 Service Pack 1Microsoft Office 2019Microsoft Office 2019 for Mac
CWE ID-CWE-416
Use After Free
CVE-2021-38644
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.78% / 73.24%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:24
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability

Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-mpeg-2_video_extensionMPEG-2 Video Extension
CVE-2021-38656
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-8.19% / 92.02%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:24
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Word Remote Code Execution Vulnerability

Microsoft Word Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsMicrosoft 365 Apps for Enterprise
CWE ID-CWE-416
Use After Free
CVE-2021-38658
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-4.20% / 88.50%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:24
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Graphics Remote Code Execution Vulnerability

Microsoft Office Graphics Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-officeMicrosoft Office 2013 Service Pack 1Microsoft Office 2016Microsoft Office 2019
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2021-38660
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-5.01% / 89.51%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:24
Updated-18 Nov, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Graphics Remote Code Execution Vulnerability

Microsoft Office Graphics Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-excelMicrosoft Excel 2013 Service Pack 1
CVE-2024-9826
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.29%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:14
Updated-26 Aug, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD ACTranslators 3DM File Parsing Use-After-Free Code Execution Vulnerability

A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-416
Use After Free
CVE-2021-38661
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.11% / 77.77%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:24
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HEVC Video Extensions Remote Code Execution Vulnerability

HEVC Video Extensions Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-hevc_video_extensionsHEVC Video Extensions
CVE-2021-38571
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.14%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 21:14
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows DLL hijacking, aka CNVD-C-2021-68000 and CNVD-C-2021-68502.

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readern/a
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-21780
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-3.58% / 87.48%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
3D Builder Remote Code Execution Vulnerability

3D Builder Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-3d_builder3D Builder
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2023-33161
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.77% / 73.08%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:03
Updated-28 Feb, 2025 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office 2019 for MacMicrosoft Office LTSC for Mac 2021
CWE ID-CWE-415
Double Free
CVE-2023-33149
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.77% / 73.08%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:02
Updated-28 Feb, 2025 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Graphics Remote Code Execution Vulnerability

Microsoft Office Graphics Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficeMicrosoft Office 2019 for MacMicrosoft Office 2016Microsoft Office 2019Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Office LTSC for Mac 2021Microsoft Office 2013 Service Pack 1
CWE ID-CWE-416
Use After Free
CVE-2023-33152
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.96% / 76.08%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:02
Updated-28 Feb, 2025 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft ActiveX Remote Code Execution Vulnerability

Microsoft ActiveX Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficeMicrosoft Office 2016Microsoft Office 2019Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Office 2013 Service Pack 1
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-21874
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-3.31% / 86.99%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Security Center API Remote Code Execution Vulnerability

Windows Security Center API Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_11windows_10windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2022-21992
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.11% / 77.76%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:36
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Mobile Device Management Remote Code Execution Vulnerability

Windows Mobile Device Management Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_11windows_10windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2020-4266
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.39%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 15:50
Updated-16 Sep, 2024 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175649.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-i2_analysts_notebookwindowsi2 Analysts Notebook
CWE ID-CWE-787
Out-of-bounds Write
CVE-2011-2005
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-67.09% / 98.52%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 01:00
Updated-22 Oct, 2025 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-18||Apply updates per vendor instructions.

afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2003windows_xpn/aAncillary Function Driver (afd.sys)
CVE-2023-33146
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.13% / 77.99%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 23:25
Updated-28 Feb, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office 2019 for MacMicrosoft Office LTSC for Mac 2021
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-21971
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-87.06% / 99.42%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:36
Updated-30 Oct, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-09-08||Apply updates per vendor instructions.
Windows Runtime Remote Code Execution Vulnerability

Windows Runtime Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_21h2windows_10_1909windows_10_21h1windows_10_21h2windows_server_2022windows_10_1809windows_server_2019windows_server_20h2windows_10_20h2Windows Server 2022Windows Server 2019Windows 11 version 21H2Windows 10 Version 21H2Windows 10 Version 1809Windows Server version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 20H2Windows 10 Version 1909Windows
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2021-38646
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-42.73% / 97.39%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 11:24
Updated-30 Oct, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-18||Apply updates per vendor instructions.
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficeMicrosoft Office 2019Microsoft 365 Apps for EnterpriseMicrosoft Office 2016Microsoft Office 2013 Service Pack 1Office
CVE-2021-37969
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.8||HIGH
EPSS-0.72% / 72.06%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 21:30
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.

Action-Not Available
Vendor-Google LLCMicrosoft CorporationFedora ProjectDebian GNU/Linux
Product-chromewindowsfedoradebian_linuxChrome
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-33137
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.56% / 85.23%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 23:25
Updated-28 Feb, 2025 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_serverofficeMicrosoft Office Online ServerMicrosoft Excel 2016Microsoft Office 2019Microsoft Excel 2013 Service Pack 1
CWE ID-CWE-415
Double Free
CVE-2023-33158
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.60%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:03
Updated-28 Feb, 2025 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficeMicrosoft Office 2019 for MacMicrosoft Office for UniversalMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Office LTSC for Mac 2021
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2022-22024
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.80% / 82.49%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:36
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Fax Service Remote Code Execution Vulnerability

Windows Fax Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows Server version 20H2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2016Windows 7Windows 11 version 21H2Windows 7 Service Pack 1Windows 10 Version 21H1
CVE-2022-21927
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.89% / 82.90%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:36
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HEVC Video Extensions Remote Code Execution Vulnerability

HEVC Video Extensions Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-hevc_video_extensionsHEVC Video ExtensionsHEVC Video Extension
CVE-2020-19725
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.53% / 66.61%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-04 Oct, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a use-after-free vulnerability in file pdd_simplifier.cpp in Z3 before 4.8.8. It occurs when the solver attempt to simplify the constraints and causes unexpected memory access. It can cause segmentation faults or arbitrary code execution.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-z3n/a
CWE ID-CWE-416
Use After Free
CVE-2023-32047
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.09% / 77.61%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Paint 3D Remote Code Execution Vulnerability

Paint 3D Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-paint_3dPaint 3D
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2023-32027
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.13% / 77.99%
||
7 Day CHG~0.00%
Published-16 Jun, 2023 | 00:44
Updated-28 Feb, 2025 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-odbc_driver_for_sql_serversql_serverMicrosoft Visual Studio 2022 version 17.4Microsoft ODBC Driver 18 for SQL Server on WindowsMicrosoft Visual Studio 2022 version 17.8Microsoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft ODBC Driver 17 for SQL Server on WindowsMicrosoft Visual Studio 2022 version 17.2Microsoft ODBC Driver 18 for SQL Server on MacOSMicrosoft ODBC Driver 18 for SQL Server on LinuxMicrosoft ODBC Driver 17 for SQL Server on MacOSMicrosoft ODBC Driver 17 for SQL Server on Linux
CWE ID-CWE-122
Heap-based Buffer Overflow
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 44
  • 45
  • Next
Details not found