Filtered by vendor Microsoft
Subscribe
Total
22861 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5123 | 7 Adobe, Apple, Linux and 4 more | 12 Flash Player, Flash Player Desktop Runtime, Macos and 9 more | 2025-11-17 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015. | |||||
| CVE-2015-5119 | 7 Adobe, Apple, Linux and 4 more | 14 Flash Player, Mac Os X, Linux Kernel and 11 more | 2025-11-17 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015. | |||||
| CVE-2015-3113 | 8 Adobe, Apple, Hp and 5 more | 18 Flash Player, Mac Os X, Insight Orchestration and 15 more | 2025-11-17 | 10.0 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015. | |||||
| CVE-2015-3043 | 7 Adobe, Apple, Linux and 4 more | 14 Flash Player, Mac Os X, Linux Kernel and 11 more | 2025-11-17 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042. | |||||
| CVE-2015-0313 | 6 Adobe, Apple, Linux and 3 more | 16 Flash Player, Mac Os X, Linux Kernel and 13 more | 2025-11-17 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322. | |||||
| CVE-2015-0310 | 4 Adobe, Apple, Linux and 1 more | 4 Flash Player, Mac Os X, Linux Kernel and 1 more | 2025-11-17 | 10.0 HIGH | 7.8 HIGH |
| Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015. | |||||
| CVE-2014-9163 | 4 Adobe, Apple, Linux and 1 more | 4 Flash Player, Mac Os X, Linux Kernel and 1 more | 2025-11-17 | 10.0 HIGH | 7.8 HIGH |
| Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014. | |||||
| CVE-2025-60727 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-11-17 | N/A | 7.8 HIGH |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-60728 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-11-17 | N/A | 4.3 MEDIUM |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-62200 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-11-17 | N/A | 7.8 HIGH |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-62201 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-11-17 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-62202 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-11-17 | N/A | 7.1 HIGH |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2025-62203 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-11-17 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-62204 | 1 Microsoft | 1 Sharepoint Server | 2025-11-17 | N/A | 8.0 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-62205 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-11-17 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-59505 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2025-11-17 | N/A | 7.8 HIGH |
| Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59506 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2025-11-17 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59507 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-11-17 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59508 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-11-17 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59509 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-11-17 | N/A | 5.5 MEDIUM |
| Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally. | |||||