Search Results (Refine Search)
- Keyword (text search): Windows 7
- Search Type: Search Last 3 Months
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-21111 |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Published: April 16, 2024; 6:15:32 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2024-21107 |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Published: April 16, 2024; 6:15:32 PM -0400 |
V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2024-23594 |
A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to execute arbitrary code. Published: April 15, 2024; 2:15:10 PM -0400 |
V3.1: 6.4 MEDIUM V2.0:(not available) |
CVE-2024-23593 |
A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges. Published: April 15, 2024; 2:15:10 PM -0400 |
V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2024-1790 |
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 7.0.1 via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. This is limited to Windows instances. Published: April 09, 2024; 3:15:19 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2224 |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1 Published: April 09, 2024; 9:15:33 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2223 |
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1 Published: April 09, 2024; 9:15:33 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-22532 |
Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file. Published: February 28, 2024; 6:15:09 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-7169 |
Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof.This issue affects Snow Inventory Agent: through 6.14.5. Customers advised to upgrade to version 7.0 Published: February 08, 2024; 8:15:08 AM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2024-22331 |
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971. Published: February 06, 2024; 12:15:10 PM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2024-0770 |
A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: January 21, 2024; 6:15:44 PM -0500 |
V3.1: 7.1 HIGH V2.0:(not available) |