Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
There are 4,889 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2021-21066

Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: February 25, 2021; 9:15:12 AM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-21065

Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: February 25, 2021; 9:15:12 AM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-1450

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending one or more crafted IPC messages to the AnyConnect process on an affected device. A successful exploit could allow the attacker to stop the AnyConnect process, causing a DoS condition on the device. Note: The process under attack will automatically restart so no action is needed by the user or admin.

Published: February 24, 2021; 3:15:13 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2021-26677

A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users on a Windows platform to elevate their privileges. A successful exploit could allow an attacker to execute arbitrary code with SYSTEM level privileges.

Published: February 23, 2021; 2:15:13 PM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2021-27579

Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabled via configuration settings.

Published: February 23, 2021; 1:15:14 PM -0500
V3.1: 7.8 HIGH
V2.0: 4.4 MEDIUM
CVE-2020-29075

Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attacker to get a DNS interaction and track if the user has opened or closed a PDF file when loaded from the filesystem without a prompt. User interaction is required to exploit this vulnerability.

Published: February 22, 2021; 11:15:13 PM -0500
V3.1: 7.1 HIGH
V2.0: 4.3 MEDIUM
CVE-2021-23827

Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the "Explode message/Explode now" functionality. Local filesystem access is needed by the attacker.

Published: February 22, 2021; 7:15:12 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-21155

Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Published: February 22, 2021; 5:15:12 PM -0500
V3.1: 9.6 CRITICAL
V2.0: 6.8 MEDIUM
CVE-2021-21150

Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Published: February 22, 2021; 5:15:12 PM -0500
V3.1: 9.6 CRITICAL
V2.0: 6.8 MEDIUM
CVE-2020-36233

The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.

Published: February 18, 2021; 3:15:12 PM -0500
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2021-20446

IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196622.

Published: February 18, 2021; 10:15:14 AM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2021-20445

IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storeage of authentication credentials. IBM X-Force ID: 196621.

Published: February 18, 2021; 10:15:14 AM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-20444

IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196620.

Published: February 18, 2021; 10:15:14 AM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-20443

IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. IBM X-Force ID: 196619.

Published: February 18, 2021; 10:15:14 AM -0500
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-20354

IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883.

Published: February 18, 2021; 10:15:14 AM -0500
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2020-4933

IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191751.

Published: February 18, 2021; 10:15:13 AM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-7849

A vulnerability of uPrism.io CURIX(Video conferecing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input(server domain) validation. An attacker could exploit this vulnerability through crafted URL.

Published: February 17, 2021; 9:15:18 AM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-27860

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11727.

Published: February 11, 2021; 7:15:12 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-21063

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: February 11, 2021; 4:15:13 PM -0500
V3.1: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2021-21062

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: February 11, 2021; 4:15:13 PM -0500
V3.1: 7.8 HIGH
V2.0: 9.3 HIGH