Vulnerabilities > Microsoft > Windows
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-27 | CVE-2019-11751 | Argument Injection or Modification vulnerability in Mozilla Firefox and Firefox ESR Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. | 6.8 |
| 2019-09-14 | CVE-2019-16305 | Command Injection vulnerability in Mobatek Mobaxterm 11.1/12.1 In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. | 6.8 |
| 2019-09-05 | CVE-2019-1939 | Improper Privilege Management vulnerability in Cisco Webex Teams A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. | 9.3 |
| 2019-08-29 | CVE-2019-11396 | Link Following vulnerability in Avira Free Security Suite and Software Updater An issue was discovered in Avira Free Security Suite 10. | 7.2 |
| 2019-08-23 | CVE-2016-6154 | Cross-site Scripting vulnerability in Watchguard Fireware The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). | 5.8 |
| 2019-08-21 | CVE-2019-15316 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Valvesoftware Steam Client Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition. | 6.9 |
| 2019-08-21 | CVE-2019-15315 | Incorrect Permission Assignment for Critical Resource vulnerability in Valvesoftware Steam Client Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users can replace the current versions of SteamService.exe and SteamService.dll with older versions that lack the CVE-2019-14743 patch. | 7.2 |
| 2019-08-21 | CVE-2019-14685 | Unquoted Search Path or Element vulnerability in Trendmicro products A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service. | 7.2 |
| 2019-08-16 | CVE-2019-7959 | Improper Input Validation vulnerability in Adobe Creative Cloud Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. | 10.0 |
| 2019-08-16 | CVE-2019-7958 | Incorrect Permission Assignment for Critical Resource vulnerability in Adobe Creative Cloud Creative Cloud Desktop Application versions 4.6.1 and earlier have an insecure inherited permissions vulnerability. | 10.0 |