Vulnerabilities > Microsoft > Windows
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-27 | CVE-2015-0242 | Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function. | 6.5 |
| 2020-01-23 | CVE-2013-6773 | Improper Privilege Management vulnerability in Splunk Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges | 4.6 |
| 2020-01-18 | CVE-2019-19697 | Unspecified vulnerability in Trendmicro products An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. | 7.2 |
| 2020-01-14 | CVE-2019-16784 | Improper Privilege Management vulnerability in Pyinstaller In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user (at least more than the current one) which have his "TempPath" resolving to a world writable directory. | 4.4 |
| 2020-01-10 | CVE-2012-4603 | Improper Input Validation vulnerability in Citrix Receiver and Xenapp Online Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver. | 9.3 |
| 2020-01-09 | CVE-2012-2950 | Unrestricted Upload of File with Dangerous Type vulnerability in Gatewaygeomatics Mapserver Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information. | 9.3 |
| 2020-01-08 | CVE-2019-17015 | Out-of-bounds Write vulnerability in Mozilla Firefox and Firefox ESR During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. | 6.8 |
| 2020-01-08 | CVE-2019-17009 | When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. | 4.6 |
| 2020-01-08 | CVE-2019-20362 | Unquoted Search Path or Element vulnerability in Teradici products In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can cause execution of %PROGRAMFILES(X86)%\Teradici\PCoIP.exe instead of the intended pcoip_vchan_printing_svc.exe file. | 7.2 |
| 2019-11-12 | CVE-2018-21026 | Information Exposure vulnerability in Hitachi products A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information. | 5.0 |