Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-27265 |
IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564. Published: March 14, 2024; 3:15:50 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2024-20749 |
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: February 15, 2024; 8:15:49 AM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2024-20748 |
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: February 15, 2024; 8:15:49 AM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2024-20747 |
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: February 15, 2024; 8:15:48 AM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2024-20738 |
Adobe FrameMaker Publishing Server versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass authentication mechanisms and gain unauthorized access. Exploitation of this issue does not require user interaction. Published: February 15, 2024; 8:15:48 AM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-20736 |
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: February 15, 2024; 8:15:48 AM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2024-20735 |
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: February 15, 2024; 8:15:48 AM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2024-20734 |
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: February 15, 2024; 8:15:47 AM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2024-20733 |
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: February 15, 2024; 8:15:47 AM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2024-20731 |
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: February 15, 2024; 8:15:47 AM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2024-20730 |
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: February 15, 2024; 8:15:47 AM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2024-20729 |
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: February 15, 2024; 8:15:47 AM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2024-20728 |
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: February 15, 2024; 8:15:46 AM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2024-20727 |
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: February 15, 2024; 8:15:46 AM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2024-20726 |
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: February 15, 2024; 8:15:46 AM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2024-1149 |
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2. Published: February 08, 2024; 8:15:09 AM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2024-23769 |
Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data. Published: February 07, 2024; 2:15:08 PM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2024-25140 |
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor's position is "we do not have EV cert, so we use test cert as a workaround." Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation. Published: February 06, 2024; 4:15:52 AM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-32479 |
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation. Published: February 06, 2024; 3:15:51 AM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2020-24682 |
Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4. Published: February 02, 2024; 3:15:45 AM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |