Filtered by vendor Microsoft
Subscribe
Search
Total
6671 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0920 | 1 Microsoft | 1 Excel | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel. This CVE ID is unique from CVE-2018-1011, CVE-2018-1027, CVE-2018-1029. | |||||
| CVE-2019-16305 | 2 Microsoft, Mobatek | 2 Windows, Mobaxterm | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI. | |||||
| CVE-2019-15627 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security | 2020-08-24 | 6.6 MEDIUM | 7.1 HIGH |
| Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected. | |||||
| CVE-2019-15316 | 2 Microsoft, Valvesoftware | 2 Windows, Steam Client | 2020-08-24 | 6.9 MEDIUM | 7.0 HIGH |
| Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition. | |||||
| CVE-2019-15315 | 2 Microsoft, Valvesoftware | 2 Windows, Steam Client | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users can replace the current versions of SteamService.exe and SteamService.dll with older versions that lack the CVE-2019-14743 patch. | |||||
| CVE-2019-14935 | 2 3cx, Microsoft | 2 3cx, Windows | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| 3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link. | |||||
| CVE-2019-1485 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. | |||||
| CVE-2018-0903 | 1 Microsoft | 2 Access, Office | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Access Remote Code Execution Vulnerability". | |||||
| CVE-2019-1478 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-1477 | 1 Microsoft | 2 Windows 10, Windows Server 2019 | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-14685 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus \+ Security 2019, Internet Security 2019 and 2 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service. | |||||
| CVE-2019-1468 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'. | |||||
| CVE-2019-1462 | 1 Microsoft | 3 Office, Office 365 Proplus, Powerpoint | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'. | |||||
| CVE-2019-1457 | 1 Microsoft | 1 Office | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka 'Microsoft Office Excel Security Feature Bypass'. | |||||
| CVE-2018-0893 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0925, and CVE-2018-0935. | |||||
| CVE-2019-14565 | 3 Intel, Linux, Microsoft | 3 Software Guard Extensions Sdk, Linux Kernel, Windows | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access. | |||||
| CVE-2019-1456 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1419. | |||||
| CVE-2018-0889 | 1 Microsoft | 8 Internet Explorer, Windows 10, Windows 7 and 5 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935. | |||||
| CVE-2019-1453 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'. | |||||
| CVE-2019-1483 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1476. | |||||
| CVE-2019-1448 | 1 Microsoft | 3 Excel, Office, Office 365 Proplus | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | |||||
| CVE-2019-1438 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1437. | |||||
| CVE-2019-1437 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1438. | |||||
| CVE-2019-1435 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1433, CVE-2019-1437, CVE-2019-1438. | |||||
| CVE-2019-1433 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1407, CVE-2019-1435, CVE-2019-1437, CVE-2019-1438. | |||||
| CVE-2019-1430 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when Windows Media Foundation improperly parses specially crafted QuickTime media files.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'Microsoft Windows Media Foundation Remote Code Execution Vulnerability'. | |||||
| CVE-2019-1429 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428. | |||||
| CVE-2018-0876 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0889, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935. | |||||
| CVE-2019-1428 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1429. | |||||
| CVE-2019-1434 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408. | |||||
| CVE-2019-1427 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1428, CVE-2019-1429. | |||||
| CVE-2019-1426 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1427, CVE-2019-1428, CVE-2019-1429. | |||||
| CVE-2018-0874 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. | |||||
| CVE-2019-1423 | 1 Microsoft | 1 Windows 10 | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1420, CVE-2019-1422. | |||||
| CVE-2019-1422 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1420, CVE-2019-1423. | |||||
| CVE-2018-0873 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. | |||||
| CVE-2019-14215 | 2 Foxitsoftware, Microsoft | 2 Phantompdf, Windows | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling xfa.event.rest XFA JavaScript due to accessing a wild pointer. | |||||
| CVE-2019-14214 | 2 Foxitsoftware, Microsoft | 2 Phantompdf, Windows | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a JavaScript Denial of Service when deleting pages in a document that contains only one page by calling a "t.hidden = true" function. | |||||
| CVE-2018-0872 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. | |||||
| CVE-2019-14213 | 2 Foxitsoftware, Microsoft | 2 Phantompdf, Windows | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the repeated release of the signature dictionary during CSG_SignatureF and CPDF_Document destruction. | |||||
| CVE-2019-14210 | 2 Foxitsoftware, Microsoft | 2 Phantompdf, Windows | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Memory Corruption due to the use of an invalid pointer copy, resulting from a destructed string object. | |||||
| CVE-2019-1420 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1422, CVE-2019-1423. | |||||
| CVE-2018-0866 | 1 Microsoft | 8 Internet Explorer, Windows 10, Windows 7 and 5 more | 2020-08-24 | 9.3 HIGH | 7.5 HIGH |
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, and CVE-2018-0861. | |||||
| CVE-2019-1419 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1456. | |||||
| CVE-2019-1417 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1379, CVE-2019-1383. | |||||
| CVE-2018-0862 | 1 Microsoft | 3 Office, Office Compatibility Pack, Word | 2020-08-24 | 9.3 HIGH | 8.8 HIGH |
| Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | |||||
| CVE-2019-1416 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-08-24 | 4.4 MEDIUM | 7.0 HIGH |
| An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-1415 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. | |||||
| CVE-2018-0861 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2020-08-24 | 9.3 HIGH | 7.5 HIGH |
| Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, and CVE-2018-0866. | |||||
| CVE-2019-1414 | 1 Microsoft | 1 Visual Studio Code | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'. | |||||