CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 48/121 • 14517 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14517 CVEs for this tag (all time). In the last 365 days, 1677 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2021-05-11
Medium

CVE-2021-3504

A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registr…

CVSS: 5.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2020-26143

An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adve…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2020-26141

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adver…

CVSS: 6.5 CWE: CWE-354 - Improper Validation of Integrity Check Value View on NVD
Medium

CVE-2020-26140

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abu…

CVSS: 6.5 CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm View on NVD
High

CVE-2021-31208

Windows Container Manager Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2021-31205

Windows SMB Client Security Feature Bypass Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2021-31193

Windows SSDP Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-31192

Windows Media Foundation Core Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2021-31191

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-31190

Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-31188

Windows Graphics Component Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-31187

Windows WalletService Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2021-31186

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

CVSS: 7.4 CWE: N/A View on NVD
Medium

CVE-2021-31185

Windows Desktop Bridge Denial of Service Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-31184

Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-31170

Windows Graphics Component Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2021-31169

Windows Container Manager Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-31168

Windows Container Manager Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-31167

Windows Container Manager Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2021-31165

Windows Container Manager Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2021-28479

Windows CSC Service Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Critical

CVE-2021-28476

Windows Hyper-V Remote Code Execution Vulnerability

CVSS: 9.9 CWE: N/A View on NVD
Medium

CVE-2021-27612

In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal…

CVSS: 6.1 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
Critical

CVE-2021-31914

In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.

CVSS: 9.8 CWE: N/A View on NVD
2021-05-06
High

CVE-2021-1496

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executab…

CVSS: 7.0 CWE: CWE-378 - Creation of Temporary File With Insecure Permissions View on NVD
High

CVE-2021-1430

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executab…

CVSS: 7.0 CWE: CWE-378 - Creation of Temporary File With Insecure Permissions View on NVD
High

CVE-2021-1429

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executab…

CVSS: 7.0 CWE: CWE-378 - Creation of Temporary File With Insecure Permissions View on NVD
High

CVE-2021-1428

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executab…

CVSS: 7.0 CWE: CWE-378 - Creation of Temporary File With Insecure Permissions View on NVD
High

CVE-2021-1427

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executab…

CVSS: 7.0 CWE: CWE-378 - Creation of Temporary File With Insecure Permissions View on NVD
High

CVE-2021-1426

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executab…

CVSS: 7.0 CWE: CWE-378 - Creation of Temporary File With Insecure Permissions View on NVD
2021-05-05
High

CVE-2020-13664

Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefull…

CVSS: 8.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
Medium

CVE-2021-20254

A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyo…

CVSS: 6.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
2021-05-04
High

CVE-2020-27518

All versions of Windscribe VPN for Mac and Windows <= v2.02.10 contain a local privilege escalation vulnerability in the WindscribeService component. A low privilege user could leverage several openv…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2021-04-30
High

CVE-2021-21233

Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2021-04-29
High

CVE-2021-31776

Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to wr…

CVSS: 7.8 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
2021-04-23
Critical

CVE-2021-22893

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect…

CVSS: 10.0 CWE: CWE-287 - Improper Authentication View on NVD
2021-04-22
Medium

CVE-2021-2312

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high p…

CVSS: 4.4 CWE: N/A View on NVD
2021-04-21
Medium

CVE-2021-1078

NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel driver (nvlddmkm.sys) where a NULL pointer dereference may lead to system crash.

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2021-1077

NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, whic…

CVSS: 6.6 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2021-1076

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of servic…

CVSS: 6.6 CWE: N/A View on NVD
High

CVE-2021-1075

NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that c…

CVSS: 7.3 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2021-1074

NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. T…

CVSS: 7.3 CWE: N/A View on NVD
2021-04-20
Medium

CVE-2021-3038

A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that resul…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
2021-04-15
Medium

CVE-2021-26582

A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploite…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2021-23887

Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel address…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2021-23886

Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to cause a BSoD through suspending a process, modi…

CVSS: 5.5 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
Medium

CVE-2020-7308

Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS a…

CVSS: 4.8 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
2021-04-14
High

CVE-2021-28826

The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge…

CVSS: 8.8 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2021-28825

The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - E…

CVSS: 8.8 CWE: CWE-863 - Incorrect Authorization View on NVD
2021-04-13
Medium

CVE-2021-3463

A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.

CVSS: 4.2 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2021-3462

A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.

CVSS: 5.5 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2021-29428

In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds c…

CVSS: 8.8 CWE: CWE-378 - Creation of Temporary File With Insecure Permissions View on NVD
Medium

CVE-2021-28447

Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability

CVSS: 4.4 CWE: N/A View on NVD
High

CVE-2021-28446

Windows Portmapping Information Disclosure Vulnerability

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2021-28445

Windows Network File System Remote Code Execution Vulnerability

CVSS: 8.1 CWE: N/A View on NVD
Medium

CVE-2021-28444

Windows Hyper-V Security Feature Bypass Vulnerability

CVSS: 5.7 CWE: N/A View on NVD
Medium

CVE-2021-28443

Windows Console Driver Denial of Service Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-28442

Windows TCP/IP Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2021-28441

Windows Hyper-V Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2021-28440

Windows Installer Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2021-28439

Windows TCP/IP Driver Denial of Service Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2021-28438

Windows Console Driver Denial of Service Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-28437

Windows Installer Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-28436

Windows Speech Runtime Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2021-28435

Windows Event Tracing Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-28351

Windows Speech Runtime Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-28350

Windows GDI+ Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-28349

Windows GDI+ Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-28348

Windows GDI+ Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-28347

Windows Speech Runtime Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2021-28328

Windows DNS Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2021-28326

Windows AppX Deployment Server Denial of Service Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-28325

Windows SMB Information Disclosure Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2021-28324

Windows SMB Information Disclosure Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2021-28323

Windows DNS Information Disclosure Vulnerability

CVSS: 6.5 CWE: CWE-178 - Improper Handling of Case Sensitivity View on NVD
High

CVE-2021-28320

Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-28319

Windows TCP/IP Driver Denial of Service Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2021-28318

Windows GDI+ Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-28317

Microsoft Windows Codecs Library Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-28316

Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability

CVSS: 4.2 CWE: N/A View on NVD
High

CVE-2021-28315

Windows Media Video Decoder Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-28314

Windows Hyper-V Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Low

CVE-2021-28312

Windows NTFS Denial of Service Vulnerability

CVSS: 3.3 CWE: N/A View on NVD
Medium

CVE-2021-28311

Windows Application Compatibility Cache Denial of Service Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2021-28309

Windows Kernel Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-27095

Windows Media Video Decoder Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2021-27094

Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2021-27093

Windows Kernel Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-27090

Windows Secure Kernel Mode Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-27088

Windows Event Tracing Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-27086

Windows Services and Controller App Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2021-27079

Windows Media Photo Codec Information Disclosure Vulnerability

CVSS: 5.7 CWE: N/A View on NVD
Medium

CVE-2021-26417

Windows Overlay Filter Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-26416

Windows Hyper-V Denial of Service Vulnerability

CVSS: 7.7 CWE: N/A View on NVD
High

CVE-2021-26415

Windows Installer Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2021-26413

Windows Installer Spoofing Vulnerability

CVSS: 6.2 CWE: N/A View on NVD
2021-04-09
High

CVE-2021-30480

Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, o…

CVSS: 8.5 CWE: N/A View on NVD
High

CVE-2021-21196

Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2021-29221

A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of oth…

CVSS: 7.0 CWE: CWE-426 - Untrusted Search Path View on NVD
2021-04-08
High

CVE-2021-3146

The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges.

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
High

CVE-2021-1386

A vulnerability in the dynamic link library (DLL) loading mechanism in Cisco Advanced Malware Protection (AMP) for Endpoints Windows Connector, ClamAV for Windows, and Immunet could allow an authenti…

CVSS: 7.0 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2021-04-07
High

CVE-2021-28927

The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers…

CVSS: 7.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2021-04-06
High

CVE-2021-27899

The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercep…

CVSS: 7.4 CWE: CWE-295 - Improper Certificate Validation View on NVD
Medium

CVE-2021-20334

A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This i…

CVSS: 4.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2021-04-02
High

CVE-2020-9926

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, iCloud for Windows 7.20, macOS Catalina 10.15.6, Sec…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2020-29619

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2020-29618

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2020-29617

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2020-29611

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2020-27933

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, iCloud for Windows 7.20, watchOS 6.2.8, tvOS 13.4.8, macOS Catalina 10.15.6, S…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2021-04-01
High

CVE-2021-23923

An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users.

CVSS: 8.1 CWE: CWE-287 - Improper Authentication View on NVD
2021-03-31
Medium

CVE-2021-23002

When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7…

CVSS: 4.5 CWE: N/A View on NVD
2021-03-29
Medium

CVE-2021-29416

An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configura…

CVSS: 6.5 CWE: N/A View on NVD
2021-03-25
High

CVE-2021-27194

Cleartext transmission of sensitive information in Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to gather credentials including Windows login usernames and pass…

CVSS: 8.8 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
High

CVE-2021-27192

Local privilege escalation vulnerability in Windows clients of Netop Vision Pro up to and including 9.7.1 allows a local user to gain administrator privileges whilst using the clients.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2021-03-24
Critical

CVE-2021-1418

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating s…

CVSS: 9.9 CWE: CWE-170 - Improper Null Termination View on NVD
Critical

CVE-2021-1417

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating s…

CVSS: 9.9 CWE: CWE-170 - Improper Null Termination View on NVD
Critical

CVE-2021-1411

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating s…

CVSS: 9.9 CWE: CWE-170 - Improper Null Termination View on NVD
Critical

CVE-2021-1471

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating s…

CVSS: 9.9 CWE: CWE-170 - Improper Null Termination View on NVD
Critical

CVE-2021-1469

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating s…

CVSS: 9.9 CWE: CWE-170 - Improper Null Termination View on NVD