Vulnerabilities > Microsoft > Windows > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-08 | CVE-2015-2062 | SQL Injection vulnerability in Huge-It Slider. Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php. | 6.5 |
2020-02-03 | CVE-2019-4732 | Untrusted Search Path vulnerability in IBM SDK and WebSphere Application Server. IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. | 6.9 |
2020-01-27 | CVE-2015-0242 | Out-of-bounds Write vulnerability in multiple products. Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function. | 6.5 |
2020-01-23 | CVE-2013-6773 | Improper Privilege Management vulnerability in Splunk. Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges. | 4.6 |
2020-01-14 | CVE-2019-16784 | Improper Privilege Management vulnerability in PyInstaller. In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: software using PyInstaller in "onefile" mode is launched by a privileged user (at least more privileged than the current one) whose "TempPath" resolves to a world-writable directory. | 4.4 |
2020-01-08 | CVE-2019-17015 | Out-of-bounds Write vulnerability in Mozilla Firefox and Firefox ESR. During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. | 6.8 |
2020-01-08 | CVE-2019-17009 | When running, the updater service wrote status and log files to an unrestricted location, potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. | 4.6 |
2019-11-12 | CVE-2018-21026 | Information Exposure vulnerability in Hitachi products. A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information. | 5.0 |
2019-09-27 | CVE-2019-11751 | Argument Injection or Modification vulnerability in Mozilla Firefox and Firefox ESR. Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. | 6.8 |
2019-09-14 | CVE-2019-16305 | Command Injection vulnerability in Mobatek MobaXterm 11.1/12.1. In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. | 6.8 |