Vulnerabilities > Microsoft > Windows > High

DATE CVE VULNERABILITY TITLE RISK
2019-03-11 CVE-2018-1978 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root.
local
low complexity
ibm linux microsoft CWE-119
7.2
2019-02-27 CVE-2019-5670 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer, which may lead to denial of service, escalation of privileges, code execution or information disclosure.
local
low complexity
nvidia microsoft CWE-119
7.2
2019-02-27 CVE-2019-5669 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer, which may lead to denial of service or escalation of privileges.
local
low complexity
nvidia microsoft CWE-119
7.2
2019-02-27 CVE-2019-5668 NULL Pointer Dereference vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSubmitCommandVirtual in which the application dereferences a pointer that it expects to be valid, but is NULL, which may lead to denial of service or escalation of privileges.
local
low complexity
nvidia microsoft CWE-476
7.2
2019-02-27 CVE-2019-5667 NULL Pointer Dereference vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSetRootPageTable in which the application dereferences a pointer that it expects to be valid, but is NULL, which may lead to code execution, denial of service or escalation of privileges.
local
low complexity
nvidia microsoft CWE-476
7.2
2019-02-27 CVE-2019-5666 Improper Validation of Array Index vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext in which the product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array, which may lead to denial of service or escalation of privileges.
local
low complexity
nvidia microsoft CWE-129
7.2
2019-02-27 CVE-2019-5665 Link Following vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the 3D vision component in which the stereo service software, when opening a file, does not check for hard links.
local
low complexity
nvidia microsoft CWE-59
7.2
2019-01-18 CVE-2018-19716 Out-of-bounds Write vulnerability in Adobe Acrobat DC and Acrobat Reader DC
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability.
network
low complexity
adobe microsoft apple CWE-787
7.5
2019-01-17 CVE-2018-20732 Deserialization of Untrusted Data vulnerability in SAS Web Infrastructure Platform 9.4
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.
network
low complexity
sas hpe ibm linux microsoft oracle CWE-502
7.5
2018-11-29 CVE-2018-19666 Path Traversal vulnerability in multiple products
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server.
local
low complexity
ossec microsoft wazuh CWE-22
7.2