Search Results

Search Parameters:
  • Keyword (text search): cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
There are 4,953 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2021-28954

In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository.

Published: March 21, 2021; 1:15:13 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-10128

A vulnerability was found in PostgreSQL versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code.

Published: March 19, 2021; 4:15:12 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.1 MEDIUM
CVE-2019-10127

A vulnerability was found in PostgreSQL versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. An attacker having only the unprivileged Windows account can read arbitrary data directory files, essentially bypassing database-imposed read access limitations. An attacker having only the unprivileged Windows account can also delete certain data directory files.

Published: March 19, 2021; 3:15:12 PM -0400
V3.1: 8.8 HIGH
V2.0: 4.3 MEDIUM
CVE-2021-21384

shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.

Published: March 18, 2021; 8:15:11 PM -0400
V3.1: 7.0 HIGH
V2.0: 4.4 MEDIUM
CVE-2020-26155

Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0 are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack.

Published: March 18, 2021; 1:15:13 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.4 MEDIUM
CVE-2021-27893

SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected.

Published: March 15, 2021; 11:15:15 AM -0400
V3.1: 7.0 HIGH
V2.0: 4.4 MEDIUM
CVE-2021-27892

SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected.

Published: March 15, 2021; 11:15:15 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2021-27891

SSH Tectia Client and Server before 6.4.19 on Windows have weak key generation. ConnectSecure on Windows is affected.

Published: March 15, 2021; 11:15:15 AM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2021-21078

Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction.

Published: March 12, 2021; 2:15:14 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.4 MEDIUM
CVE-2021-21077

Adobe Animate version 21.0.3 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: March 12, 2021; 2:15:14 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-21076

Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: March 12, 2021; 2:15:14 PM -0500
V3.1: 7.1 HIGH
V2.0: 5.8 MEDIUM
CVE-2021-21075

Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: March 12, 2021; 2:15:14 PM -0500
V3.1: 7.1 HIGH
V2.0: 5.8 MEDIUM
CVE-2021-21074

Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: March 12, 2021; 2:15:14 PM -0500
V3.1: 7.1 HIGH
V2.0: 5.8 MEDIUM
CVE-2021-21072

Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: March 12, 2021; 2:15:14 PM -0500
V3.1: 7.1 HIGH
V2.0: 5.8 MEDIUM
CVE-2021-21071

Adobe Animate version 21.0.3 (and earlier) is affected by a Memory Corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: March 12, 2021; 2:15:13 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-21069

Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a local privilege escalation vulnerability that could allow an attacker to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction.

Published: March 12, 2021; 2:15:13 PM -0500
V3.1: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2021-21067

Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: March 12, 2021; 2:15:13 PM -0500
V3.1: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2021-21056

Adobe Framemaker version 2020.0.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: March 12, 2021; 2:15:13 PM -0500
V3.1: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2020-5025

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661.

Published: March 11, 2021; 11:15:12 AM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-5024

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due to a hang in the SSL handshake response. IBM X-Force ID: 193660.

Published: March 11, 2021; 11:15:12 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM