Filtered by vendor Microsoft
Subscribe
Search
Total
6671 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5038 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-5036 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-5032 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-5028 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2020-22722 | 2 Microsoft, Rapidscada | 2 Windows, Rapid Scada | 2020-08-21 | 7.2 HIGH | 7.8 HIGH |
| Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITY\SYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious service will be started as NT AUTHORITY\SYSTEM by giving the attacker full system access to the remote PC. | |||||
| CVE-2020-16087 | 2 Microsoft, Vng | 2 Windows, Zalo Desktop | 2020-08-19 | 9.3 HIGH | 8.6 HIGH |
| An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafted file. | |||||
| CVE-2020-8763 | 2 Intel, Microsoft | 4 Realsense D415 Firmware, Realsense D435 Firmware, Realsense D435i Firmware and 1 more | 2020-08-19 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the installer for the Intel(R) RealSense(TM) D400 Series UWP driver for Windows* 10 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-0554 | 2 Intel, Microsoft | 14 Ac 3165 Firmware, Ac 3168 Firmware, Ac 7265 Firmware and 11 more | 2020-08-19 | 3.7 LOW | 7.0 HIGH |
| Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allow an unprivileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2018-4162 | 4 Apple, Canonical, Microsoft and 1 more | 9 Icloud, Iphone Os, Itunes and 6 more | 2020-08-14 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2020-15657 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2020-08-14 | 6.9 MEDIUM | 7.8 HIGH |
| Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | |||||
| CVE-2020-7817 | 2 Microsoft, Raonwiz | 2 Windows, K Upload | 2020-08-11 | 4.6 MEDIUM | 7.8 HIGH |
| MyBrowserPlus downloads the files needed to run the program through the setup file (Setup.inf). At this time, there is a vulnerability in downloading arbitrary files due to insufficient integrity verification of the files. | |||||
| CVE-2020-7810 | 2 Handysoft, Microsoft | 2 Hslogin2.dll, Windows | 2020-08-10 | 6.8 MEDIUM | 8.8 HIGH |
| hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. This is due to a lack of integrity verification of the policy files referenced in the update process, and a remote attacker could induce a user to crafted web page, causing damage such as malicious code infection. | |||||
| CVE-2020-7803 | 2 Imgtech, Microsoft | 2 Zoneplayer, Windows | 2020-08-06 | 6.8 MEDIUM | 8.8 HIGH |
| IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, version 2.0.1.4 and prior versions on Windows. File Donwload vulnerability in ZInsX.ocx of IMGTech Co,Ltd Zoneplayer allows attacker to cause arbitrary code execution. | |||||
| CVE-2020-7822 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2020-08-05 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2020-7828 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2020-07-31 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2020-7827 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2020-07-31 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.7 and earlier version contain Use-After-Free vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2020-7829 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2020-07-31 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2020-15592 | 2 Microsoft, Riverbed | 2 Windows, Steelcentral Aternity Agent | 2020-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. The remotely callable methods from remotable objects available through interprocess communication allow loading of arbitrary plugins (i.e., C# assemblies) from the "%PROGRAMFILES(X86)%/Aternity Information Systems/Assistant/plugins” directory, where the name of the plugin is passed as part of an XML-serialized object. However, because the name of the DLL is concatenated with the “.\plugins” string, a directory traversal vulnerability exists in the way plugins are resolved. | |||||
| CVE-2020-1410 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-07-24 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files.To exploit the vulnerability, an attacker could send a malicious vcard that a victim opens using Windows Address Book (WAB), aka 'Windows Address Book Remote Code Execution Vulnerability'. | |||||
| CVE-2020-1449 | 1 Microsoft | 3 365 Apps, Office, Project 2016 | 2020-07-24 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Project software when the software fails to check the source markup of a file, aka 'Microsoft Project Remote Code Execution Vulnerability'. | |||||
| CVE-2020-9678 | 2 Adobe, Microsoft | 2 Prelude, Windows | 2020-07-23 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9685 | 2 Adobe, Microsoft | 3 Photoshop, Photoshop Cc, Windows | 2020-07-23 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9684 | 2 Adobe, Microsoft | 3 Photoshop, Photoshop Cc, Windows | 2020-07-23 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9680 | 2 Adobe, Microsoft | 2 Prelude, Windows | 2020-07-23 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9687 | 2 Adobe, Microsoft | 3 Photoshop, Photoshop Cc, Windows | 2020-07-23 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-1439 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-07-23 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'. | |||||
| CVE-2020-1421 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-07-23 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | |||||
| CVE-2020-1408 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-07-23 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. | |||||
| CVE-2020-15602 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ 2020, Internet Security 2020 and 2 more | 2020-07-22 | 6.9 MEDIUM | 7.8 HIGH |
| An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerbaility in that the target must open a malicious directory or device. | |||||
| CVE-2020-15603 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ 2020, Internet Security 2020 and 2 more | 2020-07-22 | 7.8 HIGH | 7.5 HIGH |
| An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash. | |||||
| CVE-2020-1431 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-1381 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2020-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1382. | |||||
| CVE-2020-1458 | 1 Microsoft | 1 365 Apps | 2020-07-20 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when Microsoft Office improperly validates input before loading dynamic link library (DLL) files, aka 'Microsoft Office Remote Code Execution Vulnerability'. | |||||
| CVE-2020-12423 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2020-07-20 | 6.9 MEDIUM | 7.8 HIGH |
| When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* This vulnerability affects Firefox < 78. | |||||
| CVE-2020-1469 | 1 Microsoft | 1 Bond | 2020-07-17 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'. | |||||
| CVE-2020-6938 | 3 Linux, Microsoft, Tableau | 3 Linux Kernel, Windows, Tableau Server | 2020-07-14 | 5.0 MEDIUM | 7.5 HIGH |
| A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive information in log files. | |||||
| CVE-2019-19160 | 2 Cabsoftware, Microsoft | 4 Reportexpress Proplus, Windows 10, Windows 7 and 1 more | 2020-07-07 | 6.5 MEDIUM | 8.8 HIGH |
| Reportexpress ProPlus contains a vulnerability that could allow an arbitrary code execution by inserted VBscript into the configure file(rxp). | |||||
| CVE-2020-10913 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2020-07-07 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the OCRAndExportToExcel command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9946. | |||||
| CVE-2019-19161 | 2 Cymiinstaller322 Activex Project, Microsoft | 4 Cymiinstaller322 Activex, Windows 10, Windows 7 and 1 more | 2020-07-07 | 6.5 MEDIUM | 7.2 HIGH |
| CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification. | |||||
| CVE-2020-4363 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2020-07-07 | 7.2 HIGH | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 178960. | |||||
| CVE-2020-4420 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2020-07-07 | 5.0 MEDIUM | 7.5 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the execution of a terminate command. IBM X-Force ID: 180076. | |||||
| CVE-2020-15351 | 2 Idrive, Microsoft | 2 Idrive, Windows | 2020-07-06 | 7.2 HIGH | 7.8 HIGH |
| IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%\IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITY\Authenticated Users:(OI)(CI)(M)) to the contents of the directory and its sub-folders. In addition, the program installs a service called IDriveService that runs as LocalSystem. Thus, any standard user can escalate privileges to NT AUTHORITY\SYSTEM by substituting the service's binary with a malicious one. | |||||
| CVE-2020-9659 | 2 Adobe, Microsoft | 2 Audition, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9652 | 2 Adobe, Microsoft | 2 Premiere Pro, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9654 | 2 Adobe, Microsoft | 2 Premiere Pro, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9653 | 2 Adobe, Microsoft | 2 Premiere Pro, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9655 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9657 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9656 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9658 | 2 Adobe, Microsoft | 2 Audition, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||