Filtered by vendor Microsoft
Subscribe
Search
Total
16927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-17417 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2020-10-19 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11657. | |||||
| CVE-2020-17416 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2020-10-19 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11497. | |||||
| CVE-2019-6752 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2020-10-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7620. | |||||
| CVE-2019-3622 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2020-10-16 | 4.6 MEDIUM | 8.2 HIGH |
| Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links. | |||||
| CVE-2019-1939 | 2 Cisco, Microsoft | 2 Webex Teams, Windows | 2020-10-16 | 9.3 HIGH | 8.8 HIGH |
| A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by the application on Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to visit a website designed to submit malicious input to the affected application. A successful exploit could allow the attacker to cause the application to modify files and execute arbitrary commands on the system with the privileges of the targeted user. | |||||
| CVE-2019-1458 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2020-10-15 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-17412 | 2 Foxitsoftware, Microsoft | 2 3d, Windows | 2020-10-15 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11224. | |||||
| CVE-2020-17411 | 2 Foxitsoftware, Microsoft | 2 3d, Windows | 2020-10-15 | 4.3 MEDIUM | 3.3 LOW |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11190. | |||||
| CVE-2020-17410 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2020-10-15 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11135. | |||||
| CVE-2020-17413 | 2 Foxitsoftware, Microsoft | 2 3d, Windows | 2020-10-15 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11226. | |||||
| CVE-2020-17414 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2020-10-15 | 7.2 HIGH | 7.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of Foxit Reader 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit Reader Update Service. The issue results from incorrect permissions set on a resource used by the service. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-11229. | |||||
| CVE-2020-17415 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2020-10-15 | 7.2 HIGH | 7.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit PhantomPDF Update Service. The issue results from incorrect permissions set on a resource used by the service. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-11308. | |||||
| CVE-2019-2390 | 2 Microsoft, Mongodb | 2 Windows, Mongodb | 2020-10-14 | 6.8 MEDIUM | 7.8 HIGH |
| An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue affects: MongoDB Inc. MongoDB Server 4.0 prior to 4.0.11; 3.6 prior to 3.6.14; 3.4 prior to 3.4.22. | |||||
| CVE-1999-0289 | 2 Apache, Microsoft | 2 Http Server, Windows | 2020-10-13 | 5.0 MEDIUM | N/A |
| The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. | |||||
| CVE-2016-4609 | 5 Apple, Debian, Fedoraproject and 2 more | 10 Icloud, Iphone Os, Itunes and 7 more | 2020-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612. | |||||
| CVE-2016-4607 | 4 Apple, Fedoraproject, Microsoft and 1 more | 9 Icloud, Iphone Os, Itunes and 6 more | 2020-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. | |||||
| CVE-2020-25774 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-10-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to an unprivileged account. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2019-16784 | 2 Microsoft, Pyinstaller | 2 Windows, Pyinstaller | 2020-10-09 | 4.4 MEDIUM | 7.8 HIGH |
| In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user (at least more than the current one) which have his "TempPath" resolving to a world writable directory. This is the case for example if the software is launched as a service or as a scheduled task using a system account (TempPath will be C:\Windows\Temp). In order to be exploitable the software has to be (re)started after the attacker launch the exploit program, so for a service launched at startup, a service restart is needed (e.g. after a crash or an upgrade). | |||||
| CVE-2020-25775 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ 2020, Internet Security 2020 and 2 more | 2020-10-07 | 6.3 MEDIUM | 6.3 MEDIUM |
| The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges. | |||||
| CVE-2019-15285 | 2 Cisco, Microsoft | 4 Webex Meetings, Webex Meetings Online, Webex Meetings Server and 1 more | 2020-10-07 | 9.3 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | |||||
| CVE-2019-15283 | 2 Cisco, Microsoft | 4 Webex Meetings, Webex Meetings Online, Webex Meetings Server and 1 more | 2020-10-07 | 9.3 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | |||||
| CVE-2019-15287 | 2 Cisco, Microsoft | 4 Webex Meetings, Webex Meetings Online, Webex Meetings Server and 1 more | 2020-10-07 | 9.3 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | |||||
| CVE-2019-12812 | 2 Activesoft, Microsoft | 2 Mybuilder, Windows | 2020-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| MyBuilder viewer before 6.2.2019.814 allow an attacker to execute arbitrary command via specifically crafted configuration file. This can be leveraged for code execution. | |||||
| CVE-2019-12807 | 2 Estsoft, Microsoft | 2 Alzip, Windows | 2020-10-06 | 6.8 MEDIUM | 7.8 HIGH |
| Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code. | |||||
| CVE-2019-12806 | 2 Crosscert, Microsoft | 2 Unisign, Windows | 2020-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. That leads remote attacker to execute arbitrary code via crafted https packets. | |||||
| CVE-2019-6732 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2020-10-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AFParseDateEx method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7453. | |||||
| CVE-2019-6731 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2020-10-05 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7369. | |||||
| CVE-2019-6729 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2020-10-05 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7423. | |||||
| CVE-2020-25773 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-10-02 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file. | |||||
| CVE-2020-24565 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-10-02 | 2.1 LOW | 5.5 MEDIUM |
| An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770. | |||||
| CVE-2020-24564 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-10-02 | 2.1 LOW | 5.5 MEDIUM |
| An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24565 and CVE-2020-25770. | |||||
| CVE-2020-25771 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-10-02 | 2.1 LOW | 5.5 MEDIUM |
| An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770. | |||||
| CVE-2020-25770 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-10-02 | 2.1 LOW | 5.5 MEDIUM |
| An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771. | |||||
| CVE-2020-25772 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-10-02 | 2.1 LOW | 5.5 MEDIUM |
| An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771. | |||||
| CVE-2020-4629 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2020-10-02 | 2.1 LOW | 3.3 LOW |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370. | |||||
| CVE-2020-24560 | 2 Microsoft, Trendmicro | 6 Windows, Antivirus\+ 2019, Internet Security 2019 and 3 more | 2020-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-295: Improper server certificate verification in the communication with the update server. | |||||
| CVE-2020-4324 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2020-09-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Secret Server proir to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. IBM X-Force ID: 177515. | |||||
| CVE-2018-7824 | 2 Microsoft, Schneider-electric | 3 Windows, Driver Suite, Modbus Serial Driver | 2020-09-29 | 6.8 MEDIUM | 4.9 MEDIUM |
| An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files. | |||||
| CVE-2020-4340 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2020-09-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. IBM X-Force ID: 178180. | |||||
| CVE-2014-2608 | 3 Hpe, Linux, Microsoft | 3 Smart Update Manager, Linux Kernel, Windows | 2020-09-28 | 7.2 HIGH | N/A |
| Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 on Windows, and 6.2.x through 6.4.x before 6.4.1 on Linux, allows local users to obtain sensitive information, and consequently gain privileges, via unknown vectors. | |||||
| CVE-2014-2814 | 1 Microsoft | 2 Service Bus, Windows Server 2012 | 2020-09-28 | 4.0 MEDIUM | N/A |
| Microsoft Service Bus 1.1 on Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (AMQP messaging outage) via crafted AMQP messages, aka "Service Bus Denial of Service Vulnerability." | |||||
| CVE-2017-0258 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2020-09-28 | 1.9 LOW | 4.7 MEDIUM |
| The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0259. | |||||
| CVE-2017-0244 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2020-09-28 | 6.9 MEDIUM | 6.7 MEDIUM |
| The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows locally authenticated attackers to gain privileges via a crafted application, or in Windows 7 for x64-based systems, cause denial of service, aka "Windows Kernel Elevation of Privilege Vulnerability." | |||||
| CVE-2017-0242 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2020-09-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka "Microsoft ActiveX Information Disclosure Vulnerability." | |||||
| CVE-2013-3881 | 1 Microsoft | 1 Windows 7 | 2020-09-28 | 7.2 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability." | |||||
| CVE-2014-0262 | 1 Microsoft | 1 Windows 7 | 2020-09-28 | 7.2 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Server 2008 R2 SP1 does not properly consider thread-owned objects during the processing of window handles, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability." | |||||
| CVE-2013-3902 | 1 Microsoft | 1 Windows 7 | 2020-09-28 | 7.2 HIGH | N/A |
| Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1 and Windows 7 SP1 on 64-bit platforms allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability." | |||||
| CVE-2019-0602 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664. | |||||
| CVE-2019-0845 | 1 Microsoft | 7 Windows 10, Windows 8.1, Windows Rt 8.1 and 4 more | 2020-09-28 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content, aka 'Windows IOleCvt Interface Remote Code Execution Vulnerability'. | |||||
| CVE-2018-8625 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2020-09-28 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | |||||