Filtered by vendor Microsoft
Subscribe
Total
21800 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17067 | 2 Microsoft, Putty | 2 Windows, Putty | 2019-11-27 | 7.5 HIGH | 9.8 CRITICAL |
| PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection. | |||||
| CVE-2018-13864 | 2 Lightbend, Microsoft | 2 Play Framework, Windows | 2019-11-25 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests. | |||||
| CVE-2019-14678 | 6 Hp, Ibm, Linux and 3 more | 15 Hp-ux, Aix, Z\/os and 12 more | 2019-11-22 | 7.5 HIGH | 10.0 CRITICAL |
| SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used. | |||||
| CVE-2019-16860 | 2 Code42, Microsoft | 2 Code42, Windows | 2019-11-21 | 6.9 MEDIUM | 7.3 HIGH |
| Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local machine. | |||||
| CVE-2019-16861 | 2 Code42, Microsoft | 2 Code42, Windows | 2019-11-21 | 6.9 MEDIUM | 7.3 HIGH |
| Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local server. | |||||
| CVE-2016-6804 | 2 Apache, Microsoft | 2 Openoffice, Windows | 2019-11-20 | 9.3 HIGH | 7.8 HIGH |
| The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that the installer depends upon. | |||||
| CVE-2019-14602 | 2 Intel, Microsoft | 2 Nuvoton Consumer Infrared, Windows | 2019-11-19 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the installer for the Nuvoton* CIR Driver versions 1.02.1002 and before may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-18196 | 2 Microsoft, Teamviewer | 2 Windows, Teamviewer | 2019-11-18 | 6.9 MEDIUM | 6.7 MEDIUM |
| A DLL side loading vulnerability in the Windows Service in TeamViewer versions up to 11.0.133222 (fixed in 11.0.214397), 12.0.181268 (fixed in 12.0.214399), 13.2.36215 (fixed in 13.2.36216), and 14.6.4835 (fixed in 14.7.1965) on Windows could allow an attacker to perform code execution on a target system via a service restart where the DLL was previously installed with administrative privileges. Exploitation requires that an attacker be able to create a new file in the TeamViewer application directory; directory permissions restrict that by default. | |||||
| CVE-2018-21026 | 4 Hitachi, Linux, Microsoft and 1 more | 8 Compute Systems Manager, Device Manager, Replication Manager and 5 more | 2019-11-18 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information. | |||||
| CVE-2019-17360 | 4 Hitachi, Linux, Microsoft and 1 more | 8 Device Manager, Infrastructure Analytics Advisor, Replication Manager and 5 more | 2019-11-18 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption. | |||||
| CVE-2019-1398 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-11-15 | 7.7 HIGH | 8.4 HIGH |
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1397. | |||||
| CVE-2019-1418 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-11-14 | 2.1 LOW | 3.3 LOW |
| An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'. | |||||
| CVE-2019-1373 | 1 Microsoft | 1 Exchange Server | 2019-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. | |||||
| CVE-2019-1381 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-11-14 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations, aka 'Microsoft Windows Information Disclosure Vulnerability'. | |||||
| CVE-2019-0719 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-11-14 | 9.0 HIGH | 9.1 CRITICAL |
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0721. | |||||
| CVE-2019-0721 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-11-14 | 9.0 HIGH | 9.1 CRITICAL |
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0719. | |||||
| CVE-2019-1402 | 1 Microsoft | 2 Office, Office 365 | 2019-11-14 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Information Disclosure Vulnerability'. | |||||
| CVE-2019-1441 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2019-11-14 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'. | |||||
| CVE-2019-1369 | 1 Microsoft | 1 Open Enclave Software Development Kit | 2019-11-13 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'. | |||||
| CVE-2019-1370 | 1 Microsoft | 1 Open Enclave Software Development Kit | 2019-11-13 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'. | |||||