Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Windows
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-9390 6 Apple, Eclipse, Git-scm and 3 more 8 Mac Os X, Xcode, Egit and 5 more 2021-05-17 7.5 HIGH 9.8 CRITICAL
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.
CVE-2021-31914 2 Jetbrains, Microsoft 2 Teamcity, Windows 2021-05-17 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.
CVE-2021-1079 2 Microsoft, Nvidia 2 Windows, Geforce Experience 2021-05-15 4.6 MEDIUM 7.8 HIGH
NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the consequence of a modification nor would they be able to leak information as a direct result of the overwrite.
CVE-2021-21233 2 Google, Microsoft 2 Chrome, Windows 2021-05-14 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21196 2 Google, Microsoft 2 Chrome, Windows 2021-05-14 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-31461 2 Foxitsoftware, Microsoft 3 Phantompdf, Reader, Windows 2021-05-14 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the the handling of app.media objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process Was ZDI-CAN-13333.
CVE-2021-31776 2 Aviatrix, Microsoft 2 Vpn Client, Windows 2021-05-13 7.2 HIGH 7.8 HIGH
Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators.
CVE-2021-31443 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2021-05-11 4.3 MEDIUM 3.3 LOW
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13240.
CVE-2021-31442 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2021-05-11 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13239.
CVE-2021-31441 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2021-05-11 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13101.
CVE-2021-31446 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2021-05-11 4.3 MEDIUM 3.3 LOW
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13245.
CVE-2021-31445 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2021-05-11 4.3 MEDIUM 3.3 LOW
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13244.
CVE-2021-31444 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2021-05-11 4.3 MEDIUM 3.3 LOW
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13241.
CVE-2021-31449 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2021-05-11 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13280.
CVE-2021-31448 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2021-05-11 4.3 MEDIUM 3.3 LOW
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13273.
CVE-2021-31447 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2021-05-11 4.3 MEDIUM 3.3 LOW
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13269.
CVE-2021-31453 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2021-05-11 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13092.
CVE-2021-31452 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2021-05-11 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13091.
CVE-2021-31450 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2021-05-11 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13084.
CVE-2021-31451 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2021-05-11 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13089.