Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
7334 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-1450 | 4 Apple, Cisco, Linux and 1 more | 4 Macos, Anyconnect Secure Mobility Client, Linux Kernel and 1 more | 2023-11-07 | 5.5 Medium |
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending one or more crafted IPC messages to the AnyConnect process on an affected device. A successful exploit could allow the attacker to stop the AnyConnect process, causing a DoS condition on the device. Note: The process under attack will automatically restart so no action is needed by the user or admin. | ||||
CVE-2021-1258 | 3 Cisco, Mcafee, Microsoft | 3 Anyconnect Secure Mobility Client, Agent Epolicy Orchestrator Extension, Windows | 2023-11-07 | 5.5 Medium |
A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability. | ||||
CVE-2020-9681 | 3 Adobe, Apple, Microsoft | 3 Genuine Service, Macos, Windows | 2023-11-07 | 6.5 Medium |
Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to rewrite the file of the administrator, which may lead to elevated permissions. Exploitation of this issue requires user interaction. | ||||
CVE-2020-9668 | 3 Adobe, Apple, Microsoft | 3 Genuine Service, Macos, Windows | 2023-11-07 | 7.8 High |
Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privileges in the context of the current user. | ||||
CVE-2020-7289 | 2 Mcafee, Microsoft | 2 Active Response, Windows | 2023-11-07 | 7.8 High |
Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | ||||
CVE-2020-7286 | 2 Mcafee, Microsoft | 2 Endpoint Detection And Response, Windows | 2023-11-07 | 7.8 High |
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | ||||
CVE-2020-7252 | 2 Mcafee, Microsoft | 2 Data Exchange Layer, Windows | 2023-11-07 | 5.5 Medium |
Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files. | ||||
CVE-2020-6567 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2023-11-07 | 6.5 Medium |
Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | ||||
CVE-2020-36605 | 3 Hitachi, Linux, Microsoft | 5 Infrastructure Analytics Advisor, Ops Center Analyzer, Ops Center Viewpoint and 2 more | 2023-11-07 | 4.4 Medium |
Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00; Hitachi Ops Center Viewpoint: from 10.8.0-00 before 10.9.0-00. | ||||
CVE-2020-15988 | 5 Debian, Fedoraproject, Google and 2 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2023-11-07 | 6.3 Medium |
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page. | ||||
CVE-2020-13938 | 4 Apache, Mcafee, Microsoft and 1 more | 4 Http Server, Epolicy Orchestrator, Windows and 1 more | 2023-11-07 | 5.5 Medium |
Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows | ||||
CVE-2020-11583 | 2 Microsoft, Plesk | 2 Windows, Obsidian | 2023-11-07 | 6.1 Medium |
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. | ||||
CVE-2019-9491 | 2 Microsoft, Trendmicro | 2 Windows, Anti-threat Toolkit | 2023-11-07 | 7.8 High |
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. | ||||
CVE-2019-9133 | 3 Fedoraproject, Kmplayer, Microsoft | 3 Fedora, Kmplayer, Windows | 2023-11-07 | 5.5 Medium |
When processing subtitles format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to integer underflow then to memory out-of-bound read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file. | ||||
CVE-2019-8454 | 2 Checkpoint, Microsoft | 2 Endpoint Security, Windows | 2023-11-07 | 7.0 High |
A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system. | ||||
CVE-2019-8075 | 7 Adobe, Apple, Debian and 4 more | 11 Flash Player, Flash Player Desktop Runtime, Macos and 8 more | 2023-11-07 | 7.5 High |
Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | ||||
CVE-2019-5874 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-11-07 | 8.8 High |
Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | ||||
CVE-2019-5859 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-11-07 | 8.8 High |
Insufficient filtering in URI schemes in Google Chrome on Windows prior to 76.0.3809.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | ||||
CVE-2019-5817 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2023-11-07 | 8.8 High |
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2019-5806 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2023-11-07 | 8.8 High |
Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |