Vulnerabilities > Microsoft > Windows > High

DATE CVE VULNERABILITY TITLE RISK
2020-06-04 CVE-2019-20822 Out-of-bounds Write vulnerability in Foxitsoftware 3D
An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.7.0.29430.
7.5
2020-05-06 CVE-2019-19167 Unspecified vulnerability in Tobesoft Nexacro 2019.9.25.1
Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control.
network
low complexity
tobesoft microsoft
7.5
2020-03-16 CVE-2019-5543 Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Horizon Client, Remote Console and Workstation
For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users.
local
low complexity
vmware microsoft CWE-732
7.2
2020-01-18 CVE-2019-19697 Unspecified vulnerability in Trendmicro products
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start.
local
low complexity
trendmicro microsoft
7.2
2020-01-08 CVE-2019-20362 Unquoted Search Path or Element vulnerability in Teradici products
In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can cause execution of %PROGRAMFILES(X86)%\Teradici\PCoIP.exe instead of the intended pcoip_vchan_printing_svc.exe file.
local
low complexity
teradici microsoft CWE-428
7.2
2019-09-06 CVE-2019-9855 Channel and Path Errors vulnerability in Libreoffice
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from.
network
low complexity
libreoffice microsoft CWE-417
7.5
2019-08-29 CVE-2019-11396 Link Following vulnerability in Avira Free Security Suite and Software Updater
An issue was discovered in Avira Free Security Suite 10.
local
low complexity
avira microsoft CWE-59
7.2
2019-08-26 CVE-2019-4448 Improper Privilege Management vulnerability in IBM DB2 High Performance Unload Load 6.1/6.1.0.1/6.1.0.2
IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context.
local
low complexity
ibm linux microsoft CWE-269
7.2
2019-08-26 CVE-2019-4447 Uncontrolled Search Path Element vulnerability in IBM DB2 High Performance Unload Load 6.1/6.1.0.1/6.1.0.2
IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable.
local
low complexity
ibm linux microsoft CWE-427
7.2
2019-08-21 CVE-2019-15315 Incorrect Permission Assignment for Critical Resource vulnerability in Valvesoftware Steam Client
Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users can replace the current versions of SteamService.exe and SteamService.dll with older versions that lack the CVE-2019-14743 patch.
local
low complexity
valvesoftware microsoft CWE-732
7.2