CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 50/121 • 14518 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14518 CVEs for this tag (all time). In the last 365 days, 1678 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2021-02-10
High

CVE-2021-23882

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by p…

CVSS: 8.2 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2021-23880

Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of t…

CVSS: 6.7 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-23878

Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and cre…

CVSS: 7.3 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
2021-02-09
High

CVE-2021-21125

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

CVSS: 8.1 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2021-02-03
High

CVE-2021-25276

In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users' password hashes) that is world readable and writable. An unprivileged Windows user…

CVSS: 7.1 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2020-35152

Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing…

CVSS: 4.5 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
2021-02-02
Medium

CVE-2021-21292

Traccar is an open source GPS tracking system. In Traccar before version 4.12 there is an unquoted Windows binary path vulnerability. Only Windows versions are impacted. Attacker needs write access t…

CVSS: 5.5 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
2021-01-29
High

CVE-2021-3176

The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, d…

CVSS: 8.0 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2020-35145

Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue.

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2021-3341

A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the hos…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2021-01-26
High

CVE-2021-22159

Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8…

CVSS: 7.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2021-3115

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example,…

CVSS: 7.5 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Medium

CVE-2020-26941

A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The poss…

CVSS: 5.5 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2020-25737

An elevation of privilege vulnerability exists in Hackolade versions prior 4.2.0 on Windows has an issue in specific deployment scenarios that could allow local users to gain elevated privileges duri…

CVSS: 7.8 CWE: N/A View on NVD
2021-01-21
Medium

CVE-2020-3687

Local privilege escalation in admin services in Windows environment can occur due to an arbitrary read issue.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2021-01-20
High

CVE-2021-1280

A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection (AMP) for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Medium

CVE-2021-3130

Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer…

CVSS: 5.9 CWE: N/A View on NVD
High

CVE-2021-2018

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Difficult to exploit vulnerability allows unauthenticated at…

CVSS: 8.3 CWE: N/A View on NVD
2021-01-18
Medium

CVE-2020-7343

Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
2021-01-15
High

CVE-2021-21237

Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program…

CVSS: 7.2 CWE: CWE-426 - Untrusted Search Path View on NVD
2021-01-14
Medium

CVE-2021-24122

When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to…

CVSS: 5.9 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2021-01-13
High

CVE-2021-21010

InCopy version 15.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation…

CVSS: 7.0 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Medium

CVE-2021-1240

A vulnerability in the loading process of specific DLLs in Cisco Proximity Desktop for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability,…

CVSS: 4.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2021-1237

A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL in…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2020-35686

The SECOMN service in Sound Research DCHU model software component modules (APO) through 2.0.9.17, delivered on HP Windows 10 computers, may allow escalation of privilege via a fake DLL. (As a resolu…

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
2021-01-12
High

CVE-2021-1710

Microsoft Windows Media Foundation Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-1709

Windows Win32k Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2021-1708

Windows GDI+ Information Disclosure Vulnerability

CVSS: 5.7 CWE: N/A View on NVD
High

CVE-2021-1706

Windows LUAFV Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1704

Windows Hyper-V Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1703

Windows Event Logging Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1702

Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2021-1699

Windows (modem.sys) Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-1697

Windows InstallService Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2021-1696

Windows Graphics Component Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-1695

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1694

Windows Update Stack Elevation of Privilege Vulnerability

CVSS: 7.5 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1693

Windows CSC Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1692

Windows Hyper-V Denial of Service Vulnerability

CVSS: 7.7 CWE: N/A View on NVD
High

CVE-2021-1691

Windows Hyper-V Denial of Service Vulnerability

CVSS: 7.7 CWE: N/A View on NVD
High

CVE-2021-1690

Windows WalletService Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1689

Windows Multipoint Management Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1688

Windows CSC Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1687

Windows WalletService Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1686

Windows WalletService Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1685

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1682

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1681

Windows WalletService Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2021-1679

Windows CryptoAPI Denial of Service Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2021-1678

Windows Print Spooler Spoofing Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
Medium

CVE-2021-1676

Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-1674

Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
Medium

CVE-2021-1672

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2021-1670

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-1669

Windows Remote Desktop Security Feature Bypass Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
Medium

CVE-2021-1663

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-1662

Windows Event Tracing Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1661

Windows Installer Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-665 - Improper Initialization View on NVD
High

CVE-2021-1659

Windows CSC Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1657

Windows Fax Compose Form Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1655

Windows CSC Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1654

Windows CSC Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1653

Windows CSC Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1652

Windows CSC Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2021-1650

Windows Runtime C++ Template Library Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2021-1646

Windows WLAN Service Elevation of Privilege Vulnerability

CVSS: 6.6 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2021-1645

Windows Docker Information Disclosure Vulnerability

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2021-1642

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2021-1637

Windows DNS Query Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2021-21469

When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in th…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2021-21448

SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PCs memory. Under certain conditions the attacker can acce…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2020-26050

SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local privilege escalation from low privileged users to SYSTEM via a crafted openssl configuration file. This issue is similar to CVE-201…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2021-01-11
High

CVE-2020-35483

AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2021-01-09
Medium

CVE-2020-5147

SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impac…

CVSS: 5.3 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
2021-01-08
Medium

CVE-2021-1055

NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which improper access control may lead to denial of…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2021-1054

NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not perform or incorrectly p…

CVSS: 5.5 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2021-1053

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a us…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2021-1052

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can acces…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-1051

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a local user can get elevated privileges to modify display co…

CVSS: 8.4 CWE: CWE-269 - Improper Privilege Management View on NVD
2021-01-07
High

CVE-2020-35112

If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an…

CVSS: 8.8 CWE: N/A View on NVD
Critical

CVE-2020-26085

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) w…

CVSS: 9.9 CWE: CWE-201 - Insertion of Sensitive Information Into Sent Data View on NVD
2021-01-06
High

CVE-2020-8884

rcdsvc in the Proofpoint Insider Threat Management Windows Agent (formerly ObserveIT Windows Agent) before 7.9 allows remote authenticated users to execute arbitrary code as SYSTEM because of imprope…

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Critical

CVE-2020-36169

An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on th…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2020-36168

An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It leverages OpenSSL on Windows systems when using the Managed Host addon. On start-up, it loads the OpenSSL library. This library…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2020-36167

An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543, and 21.1 before hotfix 657517. On start-up, it loads the OpenSSL library from the Installation fo…

CVSS: 9.3 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
Critical

CVE-2020-36166

An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (a…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2020-36165

An issue was discovered in Veritas Desktop and Laptop Option (DLO) before 9.4. On start-up, it loads the OpenSSL library from /ReleaseX64/ssl. This library attempts to load the /ReleaseX64/ssl/openss…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2020-36164

An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file (which does n…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2020-36163

An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2020-36162

An issue was discovered in Veritas CloudPoint before 8.3.0.1+hotfix. The CloudPoint Windows Agent leverages OpenSSL. This OpenSSL library attempts to load the \usr\local\ssl\openssl.cnf configuration…

CVSS: 9.3 CWE: N/A View on NVD
High

CVE-2020-36161

An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a directo…

CVSS: 8.8 CWE: N/A View on NVD
Critical

CVE-2020-36160

An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the from \usr\local\ssl\openssl.cnf config…

CVSS: 9.3 CWE: N/A View on NVD
2021-01-05
High

CVE-2020-35488

The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. Thi…

CVSS: 7.5 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2020-12-29
Critical

CVE-2020-35769

miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.

CVSS: 9.8 CWE: N/A View on NVD
2020-12-27
High

CVE-2020-8290

Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of cl…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-8289

Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where…

CVSS: 7.8 CWE: CWE-295 - Improper Certificate Validation View on NVD
2020-12-24
High

CVE-2020-28912

With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the n…

CVSS: 7.0 CWE: N/A View on NVD
2020-12-23
Medium

CVE-2020-4642

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow local attacker to cause a denial of service inside the "DB2 Management Service".

CVSS: 5.5 CWE: N/A View on NVD
2020-12-22
High

CVE-2020-24680

In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database.

CVSS: 7.0 CWE: CWE-255 View on NVD
2020-12-21
High

CVE-2020-26284

Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go's `os/exec` for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system `%…

CVSS: 7.7 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2020-12-18
High

CVE-2020-27154

The chat window of Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.11 and 7.x before 7.0.3 could allow an attacker to gain access to user information by sending arbitrary code, due…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
2020-12-16
High

CVE-2019-14483

AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. Every user can read the BSD, Linux, MacOS and Solaris private keys, private keys' passwords, and root passwords stored in the credential man…

CVSS: 8.8 CWE: N/A View on NVD
2020-12-14
High

CVE-2020-8283

An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX2861…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-8258

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files.

CVSS: 7.5 CWE: CWE-269 - Improper Privilege Management View on NVD
Critical

CVE-2020-8257

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks

CVSS: 9.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2020-12-11
Critical

CVE-2020-27134

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) w…

CVSS: 9.9 CWE: CWE-201 - Insertion of Sensitive Information Into Sent Data View on NVD
Critical

CVE-2020-27133

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) w…

CVSS: 9.9 CWE: CWE-201 - Insertion of Sensitive Information Into Sent Data View on NVD
Critical

CVE-2020-27132

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) w…

CVSS: 9.9 CWE: CWE-201 - Insertion of Sensitive Information Into Sent Data View on NVD
Critical

CVE-2020-27127

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) w…

CVSS: 9.9 CWE: CWE-201 - Insertion of Sensitive Information Into Sent Data View on NVD
High

CVE-2020-24447

Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current use…

CVSS: 7.0 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2020-12-10
High

CVE-2020-17140

Windows SMB Information Disclosure Vulnerability

CVSS: 8.1 CWE: N/A View on NVD
High

CVE-2020-17139

Windows Overlay Filter Security Feature Bypass Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2020-17138

Windows Error Reporting Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2020-17136

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17134

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-17103

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2020-17099

Windows Lock Screen Security Feature Bypass Vulnerability

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2020-17098

Windows GDI+ Information Disclosure Vulnerability

CVSS: 5.5 CWE: N/A View on NVD
Low

CVE-2020-17097

Windows Digital Media Receiver Elevation of Privilege Vulnerability

CVSS: 3.3 CWE: N/A View on NVD
High

CVE-2020-17096

Windows NTFS Remote Code Execution Vulnerability

CVSS: 7.5 CWE: N/A View on NVD