CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 62/122 • 14532 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14532 CVEs for this tag (all time). In the last 365 days, 1692 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2019-11-12
High

CVE-2019-1430

A remote code execution vulnerability exists when Windows Media Foundation improperly parses specially crafted QuickTime media files.An attacker who successfully exploited this vulnerability could ga…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1424

A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel, aka 'NetLogon Security Feature Bypass Vulnerability'.

CVSS: 8.1 CWE: N/A View on NVD
High

CVE-2019-1423

An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is u…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2019-1422

An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2019-1420

An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location, aka 'Windows Elevation of Privilege…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1419

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Co…

CVSS: 8.8 CWE: N/A View on NVD
Low

CVE-2019-1418

An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'.

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2019-1417

An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1416

An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'.

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2019-1415

An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-1412

An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka 'OpenType Font Driver Information Disclosu…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2019-1409

An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory, aka 'Windows Remote Procedure Call Information Disclosure…

CVSS: 5.5 CWE: CWE-665 - Improper Initialization View on NVD
High

CVE-2019-1408

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is uniqu…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2019-1407

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CV…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1406

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1405

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerab…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2019-1399

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Se…

CVSS: 6.2 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-1398

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote…

CVSS: 8.4 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-1397

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote…

CVSS: 8.4 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-1396

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is uniqu…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2019-1395

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is uniqu…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2019-1394

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is uniqu…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2019-1393

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is uniqu…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2019-1392

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-1391

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2018-12207.

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2019-1389

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote…

CVSS: 8.4 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-1388

An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerabilit…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2019-1385

An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability,…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Critical

CVE-2019-1384

A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted a…

CVSS: 9.9 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
High

CVE-2019-1383

An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-1381

An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations, aka 'Microsoft Windows Information Disclosure Vulnerability'.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2019-1379

An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. This…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-1374

An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2019-1324

An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'.

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2019-1310

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2019-1309

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2019-0721

A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V…

CVSS: 9.1 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2019-0719

A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V…

CVSS: 9.1 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2019-0712

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-4652

IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform u…

CVSS: 7.1 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2019-11-09
Low

CVE-2009-3552

In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAM…

CVSS: 3.1 CWE: CWE-295 - Improper Certificate Validation View on NVD
Medium

CVE-2019-5694

NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (al…

CVSS: 6.5 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Medium

CVE-2019-5693

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) in which the program accesses or uses a pointer that has not been initialized, which…

CVSS: 5.5 CWE: CWE-824 - Access of Uninitialized Pointer View on NVD
High

CVE-2019-5692

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the product uses untrusted input when calculating…

CVSS: 7.8 CWE: CWE-129 - Improper Validation of Array Index View on NVD
High

CVE-2019-5691

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a NULL pointer is dereferenced, which may lead to…

CVSS: 7.8 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2019-5690

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the size of an input buffer is not validated, whic…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2019-11-05
Critical

CVE-2019-18780

An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. The…

CVSS: 9.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2019-1789

ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL f…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-18631

The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11), and 3.6.0 (19.6) does not properly handle an unspecif…

CVSS: 7.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2019-10-31
High

CVE-2019-18368

In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.

CVSS: 7.3 CWE: N/A View on NVD
2019-10-29
High

CVE-2018-18929

The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unatt…

CVSS: 8.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
High

CVE-2019-16647

Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows.

CVSS: 7.2 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
Critical

CVE-2019-10211

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory.

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2019-10210

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file.

CVSS: 7.0 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
2019-10-28
High

CVE-2019-3636

A File Masquerade vulnerability in McAfee Total Protection (MTP) version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Wind…

CVSS: 7.5 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
2019-10-25
Medium

CVE-2019-13546

In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked appli…

CVSS: 6.8 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
Critical

CVE-2016-5202

browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an er…

CVSS: 9.1 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2019-10-24
Medium

CVE-2019-18196

A DLL side loading vulnerability in the Windows Service in TeamViewer versions up to 11.0.133222 (fixed in 11.0.214397), 12.0.181268 (fixed in 12.0.214399), 13.2.36215 (fixed in 13.2.36216), and 14.6…

CVSS: 6.7 CWE: CWE-426 - Untrusted Search Path View on NVD
High

CVE-2019-6692

A malicious DLL preload vulnerability in Fortinet FortiClient for Windows 6.2.0 and below allows a privileged attacker to perform arbitrary code execution via forging that DLL.

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2019-10-23
High

CVE-2019-18278

When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the…

CVSS: 7.8 CWE: N/A View on NVD
2019-10-17
High

CVE-2019-15627

Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note…

CVSS: 7.1 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Critical

CVE-2019-17670

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.

CVSS: 9.8 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
2019-10-16
Medium

CVE-2019-17435

A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature ca…

CVSS: 5.5 CWE: N/A View on NVD
2019-10-10
High

CVE-2019-1378

An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileg…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2019-1368

A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'.

CVSS: 4.6 CWE: N/A View on NVD
High

CVE-2019-1364

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE I…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-1363

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted syst…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2019-1362

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE I…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1359

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is u…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1358

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is u…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-1347

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1346.

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2019-1346

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1347.

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2019-1345

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2019-1344

An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka 'Windows Code Integrity Module Information Disclosure Vulnerability'.

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2019-1343

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1346, CVE-2019-1347.

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2019-1342

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. Thi…

CVSS: 7.8 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
High

CVE-2019-1341

An elevation of privilege vulnerability exists when umpo.dll of the Power Service, improperly handles a Registry Restore Key function, aka 'Windows Power Service Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1340

An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1339

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2019-1338

A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses,…

CVSS: 5.9 CWE: N/A View on NVD
Medium

CVE-2019-1337

An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory, aka 'Windows Update Client Information Disclosure Vulnerability'.

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2019-1336

An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerab…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-1334

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2019-1333

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2019-1326

A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Pr…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2019-1325

An elevation of privilege vulnerability exists in the Windows redirected drive buffering system (rdbss.sys) when the operating system improperly handles specific local calls within Windows 7 for 32-b…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2019-1323

An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerab…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1322

An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-20…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1321

An elevation of privilege vulnerability exists when Windows CloudStore improperly handles file Discretionary Access Control List (DACL), aka 'Microsoft Windows CloudStore Elevation of Privilege Vulne…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1320

An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-20…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1319

An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-1318

A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non- Extended Master Secret (EMS) sessions, aka 'Microsoft Windows Transport Layer Security Spoofing Vulnerability'.

CVSS: 5.9 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
High

CVE-2019-1317

A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'.

CVSS: 7.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2019-1316

An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges, aka 'Microsoft Windows Setup Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-1315

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2019-1314

A security feature bypass vulnerability exists in Windows 10 Mobile when Cortana allows a user to access files and folders through the locked screen, aka 'Windows 10 Mobile Security Feature Bypass Vu…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2019-1311

A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory, aka 'Windows Imaging API Remote Code Execution Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-1230

An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating syst…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2019-1166

A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering V…

CVSS: 5.9 CWE: CWE-354 - Improper Validation of Integrity Check Value View on NVD
2019-10-05
High

CVE-2019-17199

www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2019-10-04
High

CVE-2019-17180

Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This…

CVSS: 7.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2019-10-03
Medium

CVE-2019-15162

rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.

CVSS: 5.3 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD
2019-10-01
Critical

CVE-2019-17067

PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection.

CVSS: 9.8 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2019-09-27
High

CVE-2019-11753

The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service…

CVSS: 7.8 CWE: CWE-354 - Improper Validation of Integrity Check Value View on NVD
High

CVE-2019-11751

Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used t…

CVSS: 8.8 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD
High

CVE-2019-11736

The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2019-09-24
Medium

CVE-2019-14220

An issue was discovered in BlueStacks 4.110 and below on macOS and on 4.120 and below on Windows. BlueStacks employs Android running in a virtual machine (VM) to enable Android apps to run on Windows…

CVSS: 6.5 CWE: CWE-269 - Improper Privilege Management View on NVD
2019-09-20
Medium

CVE-2019-6145

Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators c…

CVSS: 6.7 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
2019-09-16
High

CVE-2019-0207

Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2019-09-13
Medium

CVE-2019-3646

DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execut…

CVSS: 6.9 CWE: CWE-714 View on NVD
2019-09-12
High

CVE-2019-11899

An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client ins…

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
2019-09-11
High

CVE-2019-1303

An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on th…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-1294

A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'.

CVSS: 4.6 CWE: N/A View on NVD
Medium

CVE-2019-1293

An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory, aka 'Windows SMB Client Driver Information Disclos…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2019-1292

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.

CVSS: 4.9 CWE: N/A View on NVD
High

CVE-2019-1291

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2019-1290

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE…

CVSS: 8.8 CWE: N/A View on NVD
Medium

CVE-2019-1289

An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of P…

CVSS: 5.5 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2019-1287

An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory, aka 'Windows Network Connectivity Assistant Elevation of Privilege…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-1286

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is u…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD