Filtered by vendor Microsoft
Subscribe
Search
Total
16927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1234 | 1 Microsoft | 1 Azure Stack | 2020-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'. | |||||
| CVE-2020-0751 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2020-02-13 | 2.1 LOW | 6.0 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0661. | |||||
| CVE-2018-5064 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-02-13 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-5065 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-02-13 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-4985 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-5063 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-02-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-8476 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2020-02-13 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10 Servers. | |||||
| CVE-2020-0693 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2020-02-13 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0694. | |||||
| CVE-2020-0694 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2020-02-13 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0693. | |||||
| CVE-2020-0661 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-02-13 | 5.5 MEDIUM | 6.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0751. | |||||
| CVE-2020-3925 | 2 Changingtec, Microsoft | 2 Servisign, Windows | 2020-02-12 | 9.3 HIGH | 8.8 HIGH |
| A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts. | |||||
| CVE-2015-2062 | 2 Huge-it, Microsoft | 2 Huge-it Slider, Windows | 2020-02-11 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php. | |||||
| CVE-2019-4732 | 2 Ibm, Microsoft | 3 Sdk, Websphere Application Server, Windows | 2020-02-06 | 6.9 MEDIUM | 6.5 MEDIUM |
| IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618. | |||||
| CVE-2020-3941 | 2 Microsoft, Vmware | 2 Windows, Tools | 2020-02-05 | 4.4 MEDIUM | 7.0 HIGH |
| The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11. | |||||
| CVE-2015-0242 | 3 Debian, Microsoft, Postgresql | 3 Debian Linux, Windows, Postgresql | 2020-01-31 | 6.5 MEDIUM | 8.8 HIGH |
| Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function. | |||||
| CVE-2020-3131 | 2 Cisco, Microsoft | 2 Webex Teams, Windows | 2020-01-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user's client to crash continuously. This vulnerability was introduced in Cisco Webex Teams client for Windows Release 3.0.13131. | |||||
| CVE-2019-1350 | 1 Microsoft | 2 Visual Studio 2017, Visual Studio 2019 | 2020-01-28 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. | |||||
| CVE-2019-1352 | 1 Microsoft | 2 Visual Studio 2017, Visual Studio 2019 | 2020-01-28 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387. | |||||
| CVE-2019-1349 | 1 Microsoft | 2 Visual Studio 2017, Visual Studio 2019 | 2020-01-28 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. | |||||
| CVE-2019-1354 | 1 Microsoft | 2 Visual Studio 2017, Visual Studio 2019 | 2020-01-28 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387. | |||||
| CVE-2018-8654 | 1 Microsoft | 1 Dynamics 365 | 2020-01-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-1454 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-01-27 | 3.6 LOW | 5.5 MEDIUM |
| An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2013-6773 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2020-01-27 | 4.6 MEDIUM | 7.8 HIGH |
| Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges | |||||
| CVE-2020-7211 | 3 Libslirp Project, Microsoft, Qemu | 3 Libslirp, Windows, Qemu | 2020-01-23 | 5.0 MEDIUM | 7.5 HIGH |
| tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. | |||||
| CVE-2020-0656 | 1 Microsoft | 1 Dynamics 365 | 2020-01-23 | 3.5 LOW | 5.4 MEDIUM |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. | |||||
| CVE-2012-2950 | 2 Gatewaygeomatics, Microsoft | 2 Mapserver, Windows | 2020-01-22 | 9.3 HIGH | 8.1 HIGH |
| Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information. | |||||
| CVE-2012-4603 | 2 Citrix, Microsoft | 3 Receiver, Xenapp Online, Windows | 2020-01-22 | 9.3 HIGH | 7.8 HIGH |
| Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver. | |||||
| CVE-2020-0617 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-01-22 | 4.9 MEDIUM | 6.0 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Hyper-V Denial of Service Vulnerability'. | |||||
| CVE-2020-0605 | 1 Microsoft | 10 .net Core, .net Framework, Windows 10 and 7 more | 2020-01-21 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606. | |||||
| CVE-2019-13722 | 2 Google, Microsoft | 2 Chrome, Windows | 2020-01-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2005-0488 | 3 Microsoft, Mit, Sun | 3 Telnet Client, Kerberos 5, Sunos | 2020-01-21 | 5.0 MEDIUM | N/A |
| Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command. | |||||
| CVE-2019-20362 | 2 Microsoft, Teradici | 4 Windows, Pcoip Client, Pcoip Graphics Agent and 1 more | 2020-01-17 | 7.2 HIGH | 7.8 HIGH |
| In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can cause execution of %PROGRAMFILES(X86)%\Teradici\PCoIP.exe instead of the intended pcoip_vchan_printing_svc.exe file. | |||||
| CVE-2020-0621 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-01-17 | 2.1 LOW | 4.4 MEDIUM |
| A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'. | |||||
| CVE-2020-0616 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-01-17 | 4.9 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'. | |||||
| CVE-2019-9197 | 2 Microsoft, Unity3d | 2 Windows, Unity Editor | 2020-01-17 | 6.8 MEDIUM | 8.8 HIGH |
| The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code. | |||||
| CVE-2020-0635 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-01-17 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0644. | |||||
| CVE-2020-0606 | 1 Microsoft | 10 .net Core, .net Framework, Windows 10 and 7 more | 2020-01-17 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605. | |||||
| CVE-2020-0601 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-01-16 | 5.8 MEDIUM | 8.1 HIGH |
| A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'. | |||||
| CVE-2019-17180 | 2 Microsoft, Valvesoftware | 2 Windows, Steam Client | 2020-01-16 | 7.2 HIGH | 7.8 HIGH |
| Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact. | |||||
| CVE-2019-1332 | 1 Microsoft | 3 Power Bi Report Server, Sql Server 2017 Reporting Services, Sql Server 2019 Reporting Services | 2020-01-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'. | |||||
| CVE-2019-19916 | 2 Microsoft, Midori-browser | 2 Windows 10, Midori | 2020-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Midori Browser 0.5.11 (on Windows 10), Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. This could result in script running where CSP should have blocked it, allowing for cross-site scripting (XSS) and other attacks when the product renders the content as HTML. Remediating this would also need to consider the polyglot case, e.g., a file that is a valid GIF image and also valid JavaScript. | |||||
| CVE-2019-17015 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2020-01-13 | 6.8 MEDIUM | 8.8 HIGH |
| During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | |||||
| CVE-1999-1593 | 1 Microsoft | 3 Windows 2000, Windows 95, Windows 98 | 2020-01-10 | 7.6 HIGH | N/A |
| Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable. | |||||
| CVE-2018-4386 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2020-01-08 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | |||||
| CVE-2019-7487 | 2 Microsoft, Sonicwall | 3 Windows, Sonicos, Sonicos Sslvpn Nacagent | 2020-01-08 | 4.6 MEDIUM | 7.8 HIGH |
| Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operating system, an autorun value is created does not put the path in quotes, so if a malicious binary by an attacker within the parent path could allow code execution. | |||||
| CVE-2019-19692 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2020-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Note that the Japanese version of the product is NOT affected. | |||||
| CVE-2016-4448 | 9 Apple, Hp, Mcafee and 6 more | 21 Icloud, Iphone Os, Itunes and 18 more | 2019-12-27 | 10.0 HIGH | 9.8 CRITICAL |
| Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. | |||||
| CVE-2019-18232 | 2 Gemalto, Microsoft | 2 Sentinel Ldk License Manager, Windows | 2019-12-19 | 4.6 MEDIUM | 7.8 HIGH |
| SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only Microsoft Windows versions are affected) is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in system folder using symbolic links, leading to a privilege escalation. This vulnerability could also be used by an attacker to execute a malicious DLL, which could impact the integrity and availability of the system. | |||||
| CVE-2011-5049 | 1 Microsoft | 1 Windows | 2019-12-17 | 4.3 MEDIUM | N/A |
| MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted packet to TCP port 3306. | |||||
| CVE-2019-5098 | 3 Amd, Microsoft, Vmware | 6 Radeon 550, Radeon 550 Firmware, Radeon Rx 550 and 3 more | 2019-12-17 | 5.0 MEDIUM | 8.6 HIGH |
| An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | |||||