CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 96/121 • 14515 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14515 CVEs for this tag (all time). In the last 365 days, 1681 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2014-08-12
Critical

CVE-2014-0538

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X a…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2014-4064

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not…

CVSS: 4.9 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-4060

Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to exec…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2014-1819

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and…

CVSS: 7.2 CWE: CWE-264 View on NVD
High

CVE-2014-1814

The Windows Installer in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows…

CVSS: 7.2 CWE: CWE-264 View on NVD
Critical

CVE-2014-0546

Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context,…

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2014-0318

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and…

CVSS: 7.2 CWE: CWE-264 View on NVD
High

CVE-2014-0316

Memory leak in the Local RPC (LRPC) server implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1…

CVSS: 7.5 CWE: CWE-399 View on NVD
Medium

CVE-2011-2593

Integer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allow…

CVSS: 6.8 CWE: CWE-189 View on NVD
2014-07-26
High

CVE-2014-4971

Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a cra…

CVSS: 7.2 CWE: CWE-20 - Improper Input Validation View on NVD
2014-07-23
Critical

CVE-2014-1551

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arb…

CVSS: 10.0 CWE: N/A View on NVD
2014-07-20
Medium

CVE-2014-3523

Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote…

CVSS: 5.0 CWE: CWE-399 View on NVD
2014-07-17
Medium

CVE-2014-4228

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and avai…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2014-2487

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14, when running on Windows, allows local users to a…

CVSS: 6.9 CWE: N/A View on NVD
2014-07-09
Medium

CVE-2014-4671

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adob…

CVSS: 4.3 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2014-0539

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adob…

CVSS: 7.5 CWE: CWE-264 View on NVD
High

CVE-2014-0537

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adob…

CVSS: 7.5 CWE: CWE-264 View on NVD
2014-07-08
Medium

CVE-2014-2814

Microsoft Service Bus 1.1 on Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (AMQP messaging outage) via crafted AMQP m…

CVSS: 4.0 CWE: N/A View on NVD
High

CVE-2014-2781

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly restrict the excha…

CVSS: 7.6 CWE: CWE-264 View on NVD
Medium

CVE-2014-2780

DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges by leve…

CVSS: 6.9 CWE: CWE-264 View on NVD
Critical

CVE-2014-1824

Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote a…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2014-1767

Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Win…

CVSS: 7.2 CWE: CWE-415 - Double Free View on NVD
2014-06-28
Critical

CVE-2014-2613

Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to gain privil…

CVSS: 9.0 CWE: N/A View on NVD
Medium

CVE-2014-2612

Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to obtain sens…

CVSS: 4.0 CWE: N/A View on NVD
2014-06-18
Critical

CVE-2011-2592

Heap-based buffer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2014-06-11
Critical

CVE-2014-0536

Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK &…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2014-0535

Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK &…

CVSS: 7.5 CWE: CWE-264 View on NVD
High

CVE-2014-0534

Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK &…

CVSS: 7.5 CWE: CWE-264 View on NVD
Medium

CVE-2014-0533

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AI…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2014-0532

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AI…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2014-0531

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AI…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Critical

CVE-2014-1818

GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Offi…

CVSS: 9.3 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2014-1817

usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows S…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-1811

The TCP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows r…

CVSS: 5.0 CWE: CWE-399 View on NVD
Medium

CVE-2014-0296

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly encrypt sessions, which makes it easier for…

CVSS: 5.1 CWE: CWE-310 View on NVD
2014-05-31
Medium

CVE-2014-3793

VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows gue…

CVSS: 5.8 CWE: N/A View on NVD
2014-05-30
High

CVE-2013-6744

The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT p…

CVSS: 8.5 CWE: CWE-264 View on NVD
Medium

CVE-2014-3924

Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2014-05-14
High

CVE-2014-1812

The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle…

CVSS: 8.8 CWE: CWE-255 View on NVD
High

CVE-2014-1807

The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and…

CVSS: 7.2 CWE: CWE-264 View on NVD
Critical

CVE-2014-0529

Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-0528

Double free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.

CVSS: 10.0 CWE: CWE-399 View on NVD
Critical

CVE-2014-0527

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.

CVSS: 10.0 CWE: CWE-399 View on NVD
Critical

CVE-2014-0526

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vec…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-0525

The API in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X does not prevent access to unmapped memory, which allows attackers to execute arbitrary code via un…

CVSS: 10.0 CWE: CWE-264 View on NVD
Critical

CVE-2014-0524

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vec…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-0523

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vec…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-0522

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vec…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-0521

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X do not properly implement JavaScript APIs, which allows remote attackers to obtain sensitive information via a…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2014-0520

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass in…

CVSS: 7.5 CWE: CWE-264 View on NVD
High

CVE-2014-0519

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass in…

CVSS: 7.5 CWE: CWE-264 View on NVD
High

CVE-2014-0518

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass in…

CVSS: 7.5 CWE: CWE-264 View on NVD
High

CVE-2014-0517

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass in…

CVSS: 7.5 CWE: CWE-264 View on NVD
High

CVE-2014-0516

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow remote attackers to by…

CVSS: 7.5 CWE: CWE-264 View on NVD
Medium

CVE-2014-0256

Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target Remote…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2014-0255

Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2014-0251

Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 S…

CVSS: 9.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2014-05-08
High

CVE-2013-5016

Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors.

CVSS: 7.6 CWE: CWE-264 View on NVD
2014-05-06
High

CVE-2014-1736

Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or p…

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2014-04-30
Critical

CVE-2014-1528

The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of ser…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-1520

maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan…

CVSS: 6.9 CWE: CWE-269 - Improper Privilege Management View on NVD
2014-04-29
Critical

CVE-2014-0515

Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitra…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2014-04-26
High

CVE-2014-1735

Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allow attackers to cause a de…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2014-1734

Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to cause a denial of service or possibly have other im…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2014-1733

The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which mi…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2014-1732

Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2014-1731

core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check render…

CVSS: 7.5 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2014-1730

Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to…

CVSS: 7.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
2014-04-23
Medium

CVE-2011-5279

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercas…

CVSS: 5.0 CWE: N/A View on NVD
2014-04-18
Medium

CVE-2014-2522

curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name…

CVSS: 4.0 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2013-7369

SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Ant…

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2014-04-16
Medium

CVE-2014-2441

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to affect confidentiality, integrity, and avai…

CVSS: 4.4 CWE: N/A View on NVD
2014-04-15
Medium

CVE-2014-2384

vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via…

CVSS: 4.9 CWE: CWE-399 View on NVD
Low

CVE-2014-0348

The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option…

CVSS: 3.5 CWE: CWE-287 - Improper Authentication View on NVD
2014-04-12
High

CVE-2014-0773

The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “CreateProcess.” This method contains validation to ensure an attacker cannot run arbitrary command lines. After validation, the values…

CVSS: 7.5 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2014-04-11
Medium

CVE-2014-2848

A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp direc…

CVSS: 6.9 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2014-04-08
Medium

CVE-2014-0509

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 1…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2014-0508

Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13…

CVSS: 5.0 CWE: CWE-264 View on NVD
Critical

CVE-2014-0507

Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adob…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2014-0315

Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows…

CVSS: 6.9 CWE: CWE-426 - Untrusted Search Path View on NVD
2014-04-01
Critical

CVE-2013-2278

Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when running as a Windows service, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unk…

CVSS: 10.0 CWE: N/A View on NVD
2014-03-31
Medium

CVE-2014-2671

Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file.

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2014-03-27
Critical

CVE-2014-0506

Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on…

CVSS: 10.0 CWE: CWE-399 View on NVD
2014-03-16
High

CVE-2014-1715

Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2014-1714

The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does n…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2014-1713

Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2014-1705

Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly ha…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
2014-03-14
Medium

CVE-2013-1939

The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, w…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
2014-03-12
Medium

CVE-2014-0504

Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows attackers to read the clipboard via unspecified vectors.

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2014-0503

Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows remote attackers to bypass the Same Origin Policy via u…

CVSS: 6.4 CWE: CWE-264 View on NVD
Medium

CVE-2014-0323

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windo…

CVSS: 6.6 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2014-0317

The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Ser…

CVSS: 5.4 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2014-0301

Double free vulnerability in qedit.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Win…

CVSS: 9.3 CWE: CWE-415 - Double Free View on NVD
High

CVE-2014-0300

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windo…

CVSS: 7.2 CWE: CWE-264 View on NVD
2014-03-03
High

CVE-2014-1884

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-reso…

CVSS: 7.5 CWE: CWE-264 View on NVD
2014-02-28
Medium

CVE-2014-0759

Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed…

CVSS: 5.9 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
2014-02-26
Medium

CVE-2013-7332

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memor…

CVSS: 5.0 CWE: CWE-399 View on NVD
Medium

CVE-2013-7331

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet…

CVSS: 6.5 CWE: CWE-209 - Generation of Error Message Containing Sensitive Information View on NVD
2014-02-24
High

CVE-2013-6652

Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in th…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2014-02-21
High

CVE-2014-0502

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on…

CVSS: 8.8 CWE: CWE-415 - Double Free View on NVD
High

CVE-2014-0499

Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK befor…

CVSS: 7.8 CWE: CWE-264 View on NVD
Critical

CVE-2014-0498

Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2014-02-12
High

CVE-2014-0266

The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Wi…

CVSS: 7.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Critical

CVE-2014-0263

The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to exe…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2014-0254

The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, and Windows RT does not properly validate packets, which allows remote attackers to cause a denial of service (system hang) via cr…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
2014-02-06
Critical

CVE-2013-6486

gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction o…

CVSS: 9.3 CWE: CWE-20 - Improper Input Validation View on NVD
2014-02-05
Critical

CVE-2014-0497

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute ar…

CVSS: 9.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
2014-01-26
Medium

CVE-2013-6853

Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitr…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2014-01-23
Low

CVE-2013-5371

The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local…

CVSS: 2.1 CWE: CWE-264 View on NVD
2014-01-21
High

CVE-2013-2152

Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspeci…

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2013-2151

Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted application in an unspecified folder.

CVSS: 7.2 CWE: N/A View on NVD
2014-01-16
Medium

CVE-2014-0666

Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently…

CVSS: 4.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2013-6646

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2013-6645

Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1…

CVSS: 6.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2013-6644

Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2013-6643

The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and L…

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2013-6641

Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and be…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
2014-01-15
High

CVE-2014-0496

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2014-0495

Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2014-0493

Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD