Filtered by vendor Microsoft
Subscribe
Search
Total
2970 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0661 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-02-13 | 5.5 MEDIUM | 6.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0751. | |||||
| CVE-2019-4732 | 2 Ibm, Microsoft | 3 Sdk, Websphere Application Server, Windows | 2020-02-06 | 6.9 MEDIUM | 6.5 MEDIUM |
| IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618. | |||||
| CVE-2020-3131 | 2 Cisco, Microsoft | 2 Webex Teams, Windows | 2020-01-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user's client to crash continuously. This vulnerability was introduced in Cisco Webex Teams client for Windows Release 3.0.13131. | |||||
| CVE-2018-8654 | 1 Microsoft | 1 Dynamics 365 | 2020-01-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-1454 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-01-27 | 3.6 LOW | 5.5 MEDIUM |
| An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-0656 | 1 Microsoft | 1 Dynamics 365 | 2020-01-23 | 3.5 LOW | 5.4 MEDIUM |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. | |||||
| CVE-2020-0617 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-01-22 | 4.9 MEDIUM | 6.0 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Hyper-V Denial of Service Vulnerability'. | |||||
| CVE-2019-13722 | 2 Google, Microsoft | 2 Chrome, Windows | 2020-01-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-0621 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-01-17 | 2.1 LOW | 4.4 MEDIUM |
| A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'. | |||||
| CVE-2020-0616 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-01-17 | 4.9 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'. | |||||
| CVE-2019-1332 | 1 Microsoft | 3 Power Bi Report Server, Sql Server 2017 Reporting Services, Sql Server 2019 Reporting Services | 2020-01-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'. | |||||
| CVE-2019-19916 | 2 Microsoft, Midori-browser | 2 Windows 10, Midori | 2020-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Midori Browser 0.5.11 (on Windows 10), Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. This could result in script running where CSP should have blocked it, allowing for cross-site scripting (XSS) and other attacks when the product renders the content as HTML. Remediating this would also need to consider the polyglot case, e.g., a file that is a valid GIF image and also valid JavaScript. | |||||
| CVE-2019-19692 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Note that the Japanese version of the product is NOT affected. | |||||
| CVE-2019-1463 | 1 Microsoft | 2 Office, Office 365 Proplus | 2019-12-16 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1400. | |||||
| CVE-2019-0608 | 1 Microsoft | 10 Edge, Internet Explorer, Windows 10 and 7 more | 2019-12-16 | 4.3 MEDIUM | 4.3 MEDIUM |
| A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357. | |||||
| CVE-2019-1486 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio Live Share | 2019-12-16 | 5.8 MEDIUM | 6.1 MEDIUM |
| A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'. | |||||
| CVE-2019-1487 | 1 Microsoft | 1 Authentication Library | 2019-12-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability in Android Apps using Microsoft Authentication Library (MSAL) 0.3.1-Alpha or later exists under specific conditions, aka 'Microsoft Authentication Library for Android Information Disclosure Vulnerability'. | |||||
| CVE-2019-19460 | 2 Microsoft, Saltosystem | 2 Windows, Proaccess Space | 2019-12-13 | 6.6 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to every single path on the file system, because the webserver is running with the highest privileges available. | |||||
| CVE-2019-1400 | 1 Microsoft | 2 Office, Office 365 Proplus | 2019-12-13 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1463. | |||||
| CVE-2019-1474 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-12-13 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1472. | |||||
| CVE-2019-1472 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-12-13 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1474. | |||||
| CVE-2019-19719 | 3 Linux, Microsoft, Tableau | 3 Linux Kernel, Windows, Tableau Server | 2019-12-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page. | |||||
| CVE-2019-1464 | 1 Microsoft | 3 Excel, Office, Office 365 Proplus | 2019-12-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. | |||||
| CVE-2019-1469 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-12-11 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | |||||
| CVE-2019-1467 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-12-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1466. | |||||
| CVE-2019-16001 | 2 Cisco, Microsoft | 3 Webex Meetings, Webex Teams, Windows | 2019-12-11 | 4.4 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the vulnerable application is launched. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user account. | |||||
| CVE-2014-2845 | 2 Cyberduck, Microsoft | 2 Cyberduck, Windows | 2019-12-11 | 4.3 MEDIUM | 5.9 MEDIUM |
| Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority. | |||||
| CVE-2019-19489 | 2 Microsoft, Smplayer | 2 Windows, Smplayer | 2019-12-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| SMPlayer 19.5.0 has a buffer overflow via a long .m3u file. | |||||
| CVE-2019-18196 | 2 Microsoft, Teamviewer | 2 Windows, Teamviewer | 2019-11-18 | 6.9 MEDIUM | 6.7 MEDIUM |
| A DLL side loading vulnerability in the Windows Service in TeamViewer versions up to 11.0.133222 (fixed in 11.0.214397), 12.0.181268 (fixed in 12.0.214399), 13.2.36215 (fixed in 13.2.36216), and 14.6.4835 (fixed in 14.7.1965) on Windows could allow an attacker to perform code execution on a target system via a service restart where the DLL was previously installed with administrative privileges. Exploitation requires that an attacker be able to create a new file in the TeamViewer application directory; directory permissions restrict that by default. | |||||
| CVE-2019-1381 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-11-14 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations, aka 'Microsoft Windows Information Disclosure Vulnerability'. | |||||
| CVE-2019-1402 | 1 Microsoft | 2 Office, Office 365 | 2019-11-14 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Information Disclosure Vulnerability'. | |||||
| CVE-2019-1369 | 1 Microsoft | 1 Open Enclave Software Development Kit | 2019-11-13 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'. | |||||
| CVE-2019-1370 | 1 Microsoft | 1 Open Enclave Software Development Kit | 2019-11-13 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'. | |||||
| CVE-2019-1324 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-11-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'. | |||||
| CVE-2019-1374 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-11-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. | |||||
| CVE-2019-1446 | 1 Microsoft | 7 Excel, Excel Services, Office and 4 more | 2019-11-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. | |||||
| CVE-2019-0712 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-11-13 | 6.8 MEDIUM | 6.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1309, CVE-2019-1310, CVE-2019-1399. | |||||
| CVE-2019-1399 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-11-13 | 5.5 MEDIUM | 6.2 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309, CVE-2019-1310. | |||||
| CVE-2019-1309 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-11-13 | 6.8 MEDIUM | 6.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1310, CVE-2019-1399. | |||||
| CVE-2019-1310 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-11-13 | 6.8 MEDIUM | 6.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309, CVE-2019-1399. | |||||
| CVE-2019-1439 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-11-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | |||||
| CVE-2019-1436 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-11-13 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1440. | |||||
| CVE-2019-1440 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-11-13 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1436. | |||||
| CVE-2019-5693 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2019-11-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) in which the program accesses or uses a pointer that has not been initialized, which may lead to denial of service. | |||||
| CVE-2019-18653 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2019-11-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. | |||||
| CVE-2019-18654 | 2 Avg, Microsoft | 2 Anti-virus, Windows | 2019-11-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. | |||||
| CVE-2019-8064 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-10-22 | 4.3 MEDIUM | 4.3 MEDIUM |
| Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure . | |||||
| CVE-2019-8160 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-10-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2019-17070 | 2 Lqd, Microsoft | 2 Liquid Speech Balloon, Internet Explorer | 2019-10-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin before 1.0.7 for WordPress allows XSS with Internet Explorer. | |||||
| CVE-2019-1334 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-15 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1345. | |||||