Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-4136 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27. Published: August 03, 2023; 11:15:34 AM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-3884 |
Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01. Published: February 27, 2023; 10:15:09 PM -0500 |
V3.1: 7.1 HIGH V2.0:(not available) |
CVE-2022-41552 |
Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00. Published: October 31, 2022; 11:15:10 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2020-36605 |
Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00; Hitachi Ops Center Viewpoint: from 10.8.0-00 before 10.9.0-00. Published: October 31, 2022; 11:15:10 PM -0400 |
V3.1: 4.4 MEDIUM V2.0:(not available) |
CVE-2022-25256 |
SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pressing the button, e.g., a malicious web page. In addition, the second parameter executes JavaScript, which means XSS is possible by adding a javascript: URL. Published: February 18, 2022; 8:15:08 PM -0500 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-29218 |
A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows. Published: February 04, 2022; 6:15:11 PM -0500 |
V3.1: 6.7 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2020-28963 |
Passcovery Co. Ltd ZIP Password Recovery v3.70.69.0 was discovered to contain a buffer overflow via the decompress function. Published: October 22, 2021; 4:15:10 PM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2020-5674 |
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Published: November 24, 2020; 2:15:11 AM -0500 |
V3.1: 7.8 HIGH V2.0: 4.4 MEDIUM |
CVE-2019-14678 |
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used. Published: November 14, 2019; 4:15:11 PM -0500 |
V3.1: 10.0 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-7824 |
An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files. Published: May 22, 2019; 4:29:01 PM -0400 |
V3.1: 4.9 MEDIUM V2.0: 6.8 MEDIUM |
CVE-2018-20733 |
BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE. Published: January 16, 2019; 8:29:00 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-20732 |
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant. Published: January 16, 2019; 8:29:00 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2015-9281 |
Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page. Published: January 16, 2019; 8:29:00 PM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |