National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Keyword (text search): windows
There are 7,963 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-3131

[CVE-2020-3131_su] A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user's client to crash continuously.

Published: January 26, 2020; 12:15:17 AM -05:00
(not available)
CVE-2019-1454

An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.

Published: January 24, 2020; 04:15:13 PM -05:00
(not available)
CVE-2019-19363

An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version

Published: January 24, 2020; 01:15:12 PM -05:00
(not available)
CVE-2013-6773

Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges

Published: January 23, 2020; 10:15:12 AM -05:00
(not available)
CVE-2018-16266

The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture windows, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

Published: January 22, 2020; 08:15:10 AM -05:00
(not available)
CVE-2020-7211

tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.

Published: January 21, 2020; 12:15:12 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-19696

A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites.

Published: January 17, 2020; 07:15:12 PM -05:00
(not available)
CVE-2019-14613

Improper access control in driver for Intel(R) VTune(TM) Amplifier for Windows* before update 8 may allow an authenticated user to potentially enable escalation of privilege via local access.

Published: January 17, 2020; 01:15:12 PM -05:00
(not available)
CVE-2019-14601

Improper permissions in the installer for Intel(R) RWC 3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access.

Published: January 17, 2020; 01:15:12 PM -05:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2019-14600

Uncontrolled search path element in the installer for Intel(R) SNMP Subagent Stand-Alone for Windows* may allow an authenticated user to potentially enable escalation of privilege via local access.

Published: January 17, 2020; 01:15:12 PM -05:00
(not available)
CVE-2019-15742

A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges.

Published: January 16, 2020; 07:15:12 PM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2020-3941

The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11.

Published: January 15, 2020; 03:15:25 PM -05:00
V3.1: 8.1 HIGH
    V2: 6.8 MEDIUM
CVE-2019-9510

A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later.

Published: January 15, 2020; 12:15:14 PM -05:00
(not available)
CVE-2015-5466

Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA Driver Manager and VGA Display Manager) 6.14.10.1090 allows local users to gain privileges via a crafted 0x96002404 IOCTL call.

Published: January 15, 2020; 11:15:12 AM -05:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2020-0644

An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0635.

Published: January 14, 2020; 06:15:33 PM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2020-0643

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI+ Information Disclosure Vulnerability'.

Published: January 14, 2020; 06:15:32 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2020-0642

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0624.

Published: January 14, 2020; 06:15:32 PM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2020-0641

An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'.

Published: January 14, 2020; 06:15:32 PM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2020-0639

An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0615.

Published: January 14, 2020; 06:15:32 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2020-0636

An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'.

Published: January 14, 2020; 06:15:32 PM -05:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM