CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 65/121 • 14518 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14518 CVEs for this tag (all time). In the last 365 days, 1678 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2019-05-16
Medium

CVE-2019-0886

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hy…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-0885

A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'.

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2019-0882

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is u…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2019-0881

An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
High

CVE-2019-0863

An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-0758

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is u…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2019-0734

An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully decode and replace authentication request using Kerberos, allowing an att…

CVSS: 8.1 CWE: N/A View on NVD
Medium

CVE-2019-0733

A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Secur…

CVSS: 5.3 CWE: N/A View on NVD
Critical

CVE-2019-0725

A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2019-0707

An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it.To exploit the vu…

CVSS: 7.0 CWE: CWE-787 - Out-of-bounds Write View on NVD
2019-05-15
High

CVE-2019-1773

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected sys…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2019-1772

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected sys…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2019-1771

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected sys…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2019-5526

VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2019-05-14
Critical

CVE-2019-3568

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android…

CVSS: 9.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2019-11204

The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information n…

CVSS: 8.8 CWE: N/A View on NVD
2019-05-13
Medium

CVE-2018-18524

Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note unde…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Critical

CVE-2019-11888

Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges.

CVSS: 9.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2019-05-10
Medium

CVE-2019-5677

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DeviceIoControl where the software reads from a buff…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2019-5676

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known a…

CVSS: 6.7 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2019-5675

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the product does not properly sy…

CVSS: 7.8 CWE: CWE-662 - Improper Synchronization View on NVD
High

CVE-2019-5495

OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via…

CVSS: 7.5 CWE: CWE-254 View on NVD
2019-05-09
Critical

CVE-2019-6548

GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Wind…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
Medium

CVE-2019-6544

GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the executi…

CVSS: 5.6 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2019-9847

A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the h…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
2019-05-07
Critical

CVE-2018-6634

A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maintain access to an account.

CVSS: 9.8 CWE: CWE-613 - Insufficient Session Expiration View on NVD
2019-05-02
High

CVE-2019-11687

An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b and continuing in current implementations. The 128-byte preamble of a DICOM file that complies w…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
2019-04-30
High

CVE-2019-9486

STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpo…

CVSS: 8.8 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
2019-04-29
High

CVE-2019-8454

A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server,…

CVSS: 7.0 CWE: CWE-65 - Windows Hard Link View on NVD
2019-04-26
Medium

CVE-2019-9801

Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happe…

CVSS: 5.3 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2019-9794

A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files…

CVSS: 9.8 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD
2019-04-25
Medium

CVE-2018-18366

Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.70…

CVSS: 6.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
High

CVE-2018-18369

Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 & SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerabi…

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
2019-04-24
High

CVE-2019-11490

An issue was discovered in Npcap 0.992. Sending a malformed .pcap file with the loopback adapter using either pcap_sendqueue_queue() or pcap_sendqueue_transmit() results in kernel pool corruption. Th…

CVSS: 7.8 CWE: CWE-415 - Double Free View on NVD
2019-04-23
Critical

CVE-2019-2699

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). The supported version that is affected is Java SE: 8u202. Difficult to exploit vulnerability allows unauthenticat…

CVSS: 9.0 CWE: N/A View on NVD
2019-04-22
High

CVE-2019-8452

A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission c…

CVSS: 7.8 CWE: CWE-65 - Windows Hard Link View on NVD
Medium

CVE-2019-10246

In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it…

CVSS: 5.3 CWE: CWE-213 - Exposure of Sensitive Information Due to Incompatible Policies View on NVD
2019-04-19
High

CVE-2019-11354

The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox a…

CVSS: 7.8 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2019-04-15
High

CVE-2019-0232

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a b…

CVSS: 8.1 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2019-04-10
Medium

CVE-2019-0042

Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. This may allow an attacker with physical access to an…

CVSS: 4.2 CWE: CWE-305 - Authentication Bypass by Primary Weakness View on NVD
2019-04-09
Low

CVE-2019-1573

GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to…

CVSS: 2.5 CWE: CWE-226 - Sensitive Information in Resource Not Removed Before Reuse View on NVD
High

CVE-2019-0879

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is u…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-0877

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is u…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-0859

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is uniqu…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-0856

A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'.

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2019-0853

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.

CVSS: 8.8 CWE: CWE-824 - Access of Uninitialized Pointer View on NVD
High

CVE-2019-0851

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is u…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-0849

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is u…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2019-0847

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is u…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-0846

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is u…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-0845

A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content, aka 'Windows IOleCvt Interface Remote Code Execution Vulnerability'.

CVSS: 8.8 CWE: N/A View on NVD
Medium

CVE-2019-0844

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2019-0842

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'.

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2019-0841

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2019-0840

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2019-0839

An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory, aka 'Windows Information Disclosure Vulnerability'. This CVE ID is…

CVSS: 4.4 CWE: N/A View on NVD
High

CVE-2019-0838

An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager, aka 'Windows Information Disclosure Vulnerability'. This CVE…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-0836

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CV…

CVSS: 7.8 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
Critical

CVE-2019-0813

An elevation of privilege vulnerability exists when Windows Admin Center improperly impersonates operations in certain situations, aka 'Windows Admin Center Elevation of Privilege Vulnerability'.

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2019-0805

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CV…

CVSS: 7.8 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD
High

CVE-2019-0803

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is uniqu…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-0802

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is u…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2019-0796

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CV…

CVSS: 5.5 CWE: CWE-264 View on NVD
High

CVE-2019-0735

An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory, aka 'Windows CSRSS Elevation of Privilege Vulnerab…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2019-0732

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Secu…

CVSS: 7.8 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2019-0731

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CV…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2019-0730

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CV…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2019-0688

An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'.

CVSS: 7.5 CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm View on NVD
High

CVE-2019-0685

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is uniqu…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-5512

VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2019-5511

VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle paths appropriately. Successful exploitation of this issue may allow the path to the VMX executable, on…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2017-17023

The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure…

CVSS: 8.1 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD
Medium

CVE-2019-3880

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they…

CVSS: 5.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2019-0821

An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2019-0808

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is uniqu…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-0797

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is uniqu…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2019-0784

A remote code execution vulnerability exists in the way that the ActiveX Data objects (ADO) handles objects in memory, aka 'Windows ActiveX Remote Code Execution Vulnerability'.

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2019-0782

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique…

CVSS: 5.5 CWE: CWE-665 - Improper Initialization View on NVD
Medium

CVE-2019-0775

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-…

CVSS: 4.7 CWE: N/A View on NVD
Medium

CVE-2019-0774

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is u…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2019-0772

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique fr…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2019-0767

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted…

CVSS: 5.5 CWE: CWE-665 - Improper Initialization View on NVD
High

CVE-2019-0766

An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-0759

An information disclosure vulnerability exists when the Windows Print Spooler does not properly handle objects in memory, aka 'Windows Print Spooler Information Disclosure Vulnerability'.

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2019-0755

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2019-0754

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.

CVSS: 5.5 CWE: N/A View on NVD
Critical

CVE-2019-0726

A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'.…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2019-0704

An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2019-0703

An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2019-0702

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2019-0701

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Se…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2019-0698

A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'.…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2019-0697

A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'.…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2019-0696

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-0695

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Se…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-0694

An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2019-0693

An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2019-0692

An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2019-0690

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-0689

An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2019-0682

An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2019-04-08
High

CVE-2019-0667

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique fr…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2019-0666

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique fr…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2019-0665

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique fr…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2019-0617

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2019-0614

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is u…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2019-0603

A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker who successfully exploited the vulnerability could execute…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2019-11014

The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application (for Android, iOS, and Windows), do not prevent spoofing of the camera server. An attacker can cre…

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-20341

WINMAGIC SecureDoc Disk Encryption software before 8.3 has an Unquoted Service Path vulnerability, which could allow an attacker to execute arbitrary code on a target system. If the executable is enc…

CVSS: 7.8 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
2019-04-03
High

CVE-2018-4464

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows,…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4443

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud f…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4442

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud f…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4441

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud f…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2018-4440

A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2018-4439

A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-4438

A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, i…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4437

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows,…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4416

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Window…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4414

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windo…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2018-4412

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windo…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD