Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
8093 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10862 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2024-11-21 | 7.8 High |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Local Privilege Escalation (LPE) via RPC. | ||||
| CVE-2020-10861 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2024-11-21 | 7.5 High |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Arbitrary File Deletion from Avast Program Path via RPC, when Self Defense is Enabled. | ||||
| CVE-2020-10860 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2024-11-21 | 7.5 High |
| An issue was discovered in Avast Antivirus before 20. An Arbitrary Memory Address Overwrite vulnerability in the aswAvLog Log Library results in Denial of Service of the Avast Service (AvastSvc.exe). | ||||
| CVE-2020-10659 | 2 Entrustdatacard, Microsoft | 2 Entelligence Security Provider, Windows | 2024-11-21 | 4.3 Medium |
| Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows mishandles errors during SSL Certificate Validation, leading to situations where (for example) a user continues to interact with a web site that has an invalid certificate chain. | ||||
| CVE-2020-10515 | 2 Microsoft, Starface | 2 Windows, Unified Communication \& Collaboration Client | 2024-11-21 | 9.8 Critical |
| STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting to execute code with System rights, aka usd-2020-0006. | ||||
| CVE-2020-0561 | 4 Intel, Linux, Microsoft and 1 more | 5 Software Guard Extensions Sdk, Linux Kernel, Windows and 2 more | 2024-11-21 | 7.8 High |
| Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-9969 | 2 Microsoft, Xnview | 2 Windows, Xnview Classic | 2024-11-21 | N/A |
| XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x385399. | ||||
| CVE-2019-9968 | 2 Microsoft, Xnview | 2 Windows, Xnview Classic | 2024-11-21 | N/A |
| XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlQueueWorkItem. | ||||
| CVE-2019-9967 | 2 Microsoft, Xnview | 2 Windows, Xnview Classic | 2024-11-21 | N/A |
| XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlPrefixUnicodeString. | ||||
| CVE-2019-9966 | 2 Microsoft, Xnview | 2 Windows, Xnview Classic | 2024-11-21 | N/A |
| XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x38536c. | ||||
| CVE-2019-9965 | 2 Microsoft, Xnview | 2 Windows, Xnview Mp | 2024-11-21 | N/A |
| XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap. | ||||
| CVE-2019-9964 | 2 Microsoft, Xnview | 2 Windows, Xnview Mp | 2024-11-21 | N/A |
| XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey. | ||||
| CVE-2019-9963 | 2 Microsoft, Xnview | 2 Windows, Xnview Mp | 2024-11-21 | N/A |
| XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap. | ||||
| CVE-2019-9962 | 2 Microsoft, Xnview | 2 Windows, Xnview Mp | 2024-11-21 | N/A |
| XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy. | ||||
| CVE-2019-9896 | 3 Microsoft, Opensuse, Putty | 4 Windows, Backports Sle, Leap and 1 more | 2024-11-21 | 7.8 High |
| In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. | ||||
| CVE-2019-9855 | 3 Libreoffice, Microsoft, Opensuse | 3 Libreoffice, Windows, Leap | 2024-11-21 | 9.8 Critical |
| LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. | ||||
| CVE-2019-9847 | 3 Apple, Libreoffice, Microsoft | 3 Macos, Libreoffice, Windows | 2024-11-21 | N/A |
| A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. This issue affects: All LibreOffice Windows and macOS versions prior to 6.1.6; LibreOffice Windows and macOS versions in the 6.2 series prior to 6.2.3. | ||||
| CVE-2019-9818 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | 8.3 High |
| A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. | ||||
| CVE-2019-9801 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | N/A |
| Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the Windows registry. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | ||||
| CVE-2019-9794 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | N/A |
| A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the default URI handler for a given URI scheme in third party applications and these applications insufficiently sanitize URL data. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | ||||