Vulnerabilities > Microsoft > Windows > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-23 | CVE-2016-6154 | Cross-site Scripting vulnerability in Watchguard Fireware The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). | 5.8 |
| 2019-08-21 | CVE-2019-15316 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Valvesoftware Steam Client Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition. | 6.9 |
| 2019-08-16 | CVE-2019-7957 | Unspecified vulnerability in Adobe Creative Cloud Creative Cloud Desktop Application versions 4.6.1 and earlier have a security bypass vulnerability. | 5.0 |
| 2019-08-13 | CVE-2019-12807 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Estsoft Alzip Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. | 6.8 |
| 2019-08-13 | CVE-2019-12806 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Crosscert Unisign 2.0.4.0 UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. | 6.8 |
| 2019-08-12 | CVE-2019-14935 | Incorrect Permission Assignment for Critical Resource vulnerability in 3CX 15 3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link. | 4.6 |
| 2019-07-26 | CVE-2019-9492 | Untrusted Search Path vulnerability in Trendmicro Officescan 11.0/Xg A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. | 4.6 |
| 2019-07-23 | CVE-2019-11702 | Missing Authorization vulnerability in Mozilla Firefox A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. | 4.3 |
| 2019-07-23 | CVE-2019-11700 | Missing Authorization vulnerability in Mozilla Firefox A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. | 4.3 |
| 2019-07-23 | CVE-2019-11694 | Use of Uninitialized Resource vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. | 5.0 |