Total
6504 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18232 | 2 Gemalto, Microsoft | 2 Sentinel Ldk License Manager, Windows | 2019-12-19 | 4.6 MEDIUM | 7.8 HIGH |
| SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only Microsoft Windows versions are affected) is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in system folder using symbolic links, leading to a privilege escalation. This vulnerability could also be used by an attacker to execute a malicious DLL, which could impact the integrity and availability of the system. | |||||
| CVE-2011-5049 | 1 Microsoft | 1 Windows | 2019-12-17 | 4.3 MEDIUM | N/A |
| MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted packet to TCP port 3306. | |||||
| CVE-2019-4606 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2 High Performance Unload Load, Linux Kernel, Windows and 1 more | 2019-12-16 | 6.9 MEDIUM | 7.8 HIGH |
| IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using a executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 168298. | |||||
| CVE-2019-15628 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus \+ Security 2020, Internet Security 2020 and 2 more | 2019-12-13 | 6.9 MEDIUM | 7.8 HIGH |
| Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started. | |||||
| CVE-2019-19460 | 2 Microsoft, Saltosystem | 2 Windows, Proaccess Space | 2019-12-13 | 6.6 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to every single path on the file system, because the webserver is running with the highest privileges available. | |||||
| CVE-2019-19230 | 3 Broadcom, Linux, Microsoft | 3 Nolio, Linux Kernel, Windows | 2019-12-12 | 7.5 HIGH | 9.8 CRITICAL |
| An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code. | |||||
| CVE-2019-19719 | 3 Linux, Microsoft, Tableau | 3 Linux Kernel, Windows, Tableau Server | 2019-12-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page. | |||||
| CVE-2019-18190 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ Security 2020, Internet Security 2020 and 2 more | 2019-12-12 | 7.5 HIGH | 9.8 CRITICAL |
| Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances. | |||||
| CVE-2019-16001 | 2 Cisco, Microsoft | 3 Webex Meetings, Webex Teams, Windows | 2019-12-11 | 4.4 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the vulnerable application is launched. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user account. | |||||
| CVE-2019-15286 | 2 Cisco, Microsoft | 4 Webex Business Suite, Webex Meetings Online, Webex Meetings Server and 1 more | 2019-12-11 | 9.3 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | |||||
| CVE-2014-2845 | 2 Cyberduck, Microsoft | 2 Cyberduck, Windows | 2019-12-11 | 4.3 MEDIUM | 5.9 MEDIUM |
| Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority. | |||||
| CVE-2019-15284 | 2 Cisco, Microsoft | 4 Webex Business Suite, Webex Meetings Online, Webex Meetings Server and 1 more | 2019-12-10 | 9.3 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | |||||
| CVE-2019-19489 | 2 Microsoft, Smplayer | 2 Windows, Smplayer | 2019-12-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| SMPlayer 19.5.0 has a buffer overflow via a long .m3u file. | |||||
| CVE-2019-17067 | 2 Microsoft, Putty | 2 Windows, Putty | 2019-11-26 | 7.5 HIGH | 9.8 CRITICAL |
| PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection. | |||||
| CVE-2018-13864 | 2 Lightbend, Microsoft | 2 Play Framework, Windows | 2019-11-25 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests. | |||||
| CVE-2019-14678 | 6 Hp, Ibm, Linux and 3 more | 15 Hp-ux, Aix, Z\/os and 12 more | 2019-11-22 | 7.5 HIGH | 10.0 CRITICAL |
| SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used. | |||||
| CVE-2019-16860 | 2 Code42, Microsoft | 2 Code42, Windows | 2019-11-21 | 6.9 MEDIUM | 7.3 HIGH |
| Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local machine. | |||||
| CVE-2019-16861 | 2 Code42, Microsoft | 2 Code42, Windows | 2019-11-21 | 6.9 MEDIUM | 7.3 HIGH |
| Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local server. | |||||
| CVE-2016-6804 | 2 Apache, Microsoft | 2 Openoffice, Windows | 2019-11-20 | 9.3 HIGH | 7.8 HIGH |
| The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that the installer depends upon. | |||||
| CVE-2019-14602 | 2 Intel, Microsoft | 2 Nuvoton Consumer Infrared, Windows | 2019-11-19 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the installer for the Nuvoton* CIR Driver versions 1.02.1002 and before may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||