Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-17063 | 1 Microsoft | 2 365 Apps, Office | 2023-12-31 | 5.8 MEDIUM | 6.8 MEDIUM |
| Microsoft Office Online Spoofing Vulnerability | |||||
| CVE-2020-17060 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2023-12-31 | 5.8 MEDIUM | 5.4 MEDIUM |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2020-17056 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2023-12-31 | 2.1 LOW | 5.5 MEDIUM |
| Windows Network File System Information Disclosure Vulnerability | |||||
| CVE-2020-17054 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2023-12-31 | 7.6 HIGH | 4.2 MEDIUM |
| Chakra Scripting Engine Memory Corruption Vulnerability | |||||
| CVE-2020-17049 | 2 Microsoft, Samba | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2023-12-31 | 9.0 HIGH | 6.6 MEDIUM |
| <p>A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD).</p> <p>To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it.</p> <p>The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD.</p> | |||||
| CVE-2020-17048 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2023-12-31 | 6.8 MEDIUM | 4.2 MEDIUM |
| Chakra Scripting Engine Memory Corruption Vulnerability | |||||
| CVE-2020-17046 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-31 | 4.9 MEDIUM | 5.5 MEDIUM |
| Windows Error Reporting Denial of Service Vulnerability | |||||
| CVE-2020-17045 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-31 | 4.9 MEDIUM | 5.5 MEDIUM |
| Windows KernelStream Information Disclosure Vulnerability | |||||
| CVE-2020-17040 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Server 2012 and 2 more | 2023-12-31 | 7.5 HIGH | 6.5 MEDIUM |
| Windows Hyper-V Security Feature Bypass Vulnerability | |||||
| CVE-2020-17036 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-31 | 4.9 MEDIUM | 5.5 MEDIUM |
| Windows Function Discovery SSDP Provider Information Disclosure Vulnerability | |||||
| CVE-2020-17030 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-31 | 4.9 MEDIUM | 5.5 MEDIUM |
| Windows MSCTF Server Information Disclosure Vulnerability | |||||
| CVE-2020-17029 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-31 | 4.9 MEDIUM | 5.5 MEDIUM |
| Windows Canonical Display Driver Information Disclosure Vulnerability | |||||
| CVE-2020-17021 | 1 Microsoft | 1 Dynamics 365 | 2023-12-31 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2020-17018 | 1 Microsoft | 1 Dynamics 365 | 2023-12-31 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2020-17017 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-31 | 6.8 MEDIUM | 5.3 MEDIUM |
| Microsoft SharePoint Information Disclosure Vulnerability | |||||
| CVE-2020-17015 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-31 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2020-17013 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-31 | 2.1 LOW | 5.5 MEDIUM |
| Win32k Information Disclosure Vulnerability | |||||
| CVE-2020-17006 | 1 Microsoft | 1 Dynamics Crm 2015 | 2023-12-31 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2020-17005 | 1 Microsoft | 1 Dynamics 365 | 2023-12-31 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2020-17004 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-31 | 2.1 LOW | 5.5 MEDIUM |
| Windows Graphics Component Information Disclosure Vulnerability | |||||
| CVE-2020-17000 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-31 | 2.1 LOW | 5.5 MEDIUM |
| Remote Desktop Protocol Client Information Disclosure Vulnerability | |||||
| CVE-2020-16999 | 1 Microsoft | 1 Windows 10 | 2023-12-31 | 2.1 LOW | 5.5 MEDIUM |
| Windows WalletService Information Disclosure Vulnerability | |||||
| CVE-2020-16993 | 1 Microsoft | 1 Azure Sphere | 2023-12-31 | 4.6 MEDIUM | 5.4 MEDIUM |
| Azure Sphere Elevation of Privilege Vulnerability | |||||
| CVE-2020-16990 | 1 Microsoft | 1 Azure Sphere | 2023-12-31 | 2.1 LOW | 6.2 MEDIUM |
| Azure Sphere Information Disclosure Vulnerability | |||||
| CVE-2020-16989 | 1 Microsoft | 1 Azure Sphere | 2023-12-31 | 7.2 HIGH | 5.4 MEDIUM |
| Azure Sphere Elevation of Privilege Vulnerability | |||||
| CVE-2020-16988 | 1 Microsoft | 1 Azure Sphere | 2023-12-31 | 7.2 HIGH | 6.9 MEDIUM |
| Azure Sphere Elevation of Privilege Vulnerability | |||||
| CVE-2020-16986 | 1 Microsoft | 1 Azure Sphere | 2023-12-31 | 2.1 LOW | 6.2 MEDIUM |
| Azure Sphere Denial of Service Vulnerability | |||||
| CVE-2020-16985 | 1 Microsoft | 1 Azure Sphere | 2023-12-31 | 2.1 LOW | 6.2 MEDIUM |
| Azure Sphere Information Disclosure Vulnerability | |||||
| CVE-2020-16983 | 1 Microsoft | 1 Azure Sphere | 2023-12-31 | 7.2 HIGH | 5.7 MEDIUM |
| Azure Sphere Tampering Vulnerability | |||||
| CVE-2020-16982 | 1 Microsoft | 1 Azure Sphere | 2023-12-31 | 7.2 HIGH | 6.1 MEDIUM |
| Azure Sphere Unsigned Code Execution Vulnerability | |||||
| CVE-2020-16981 | 1 Microsoft | 1 Azure Sphere | 2023-12-31 | 7.2 HIGH | 6.1 MEDIUM |
| Azure Sphere Elevation of Privilege Vulnerability | |||||
| CVE-2020-16979 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-31 | 4.0 MEDIUM | 5.3 MEDIUM |
| Microsoft SharePoint Information Disclosure Vulnerability | |||||
| CVE-2020-17153 | 1 Microsoft | 1 Edge | 2023-12-31 | 5.8 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge for Android Spoofing Vulnerability | |||||
| CVE-2020-17145 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2023-12-31 | 4.9 MEDIUM | 5.4 MEDIUM |
| Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | |||||
| CVE-2020-17133 | 1 Microsoft | 1 Dynamics Nav | 2023-12-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| Microsoft Dynamics Business Central/NAV Information Disclosure | |||||
| CVE-2020-17131 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2023-12-31 | 5.1 MEDIUM | 4.2 MEDIUM |
| Chakra Scripting Engine Memory Corruption Vulnerability | |||||
| CVE-2020-17130 | 1 Microsoft | 2 365 Apps, Excel | 2023-12-31 | 6.0 MEDIUM | 6.5 MEDIUM |
| Microsoft Excel Security Feature Bypass Vulnerability | |||||
| CVE-2020-17126 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2023-12-31 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft Excel Information Disclosure Vulnerability | |||||
| CVE-2020-17120 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2023-12-31 | 4.0 MEDIUM | 5.3 MEDIUM |
| Microsoft SharePoint Information Disclosure Vulnerability | |||||
| CVE-2020-16996 | 1 Microsoft | 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 | 2023-12-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| Kerberos Security Feature Bypass Vulnerability | |||||
| CVE-2020-12803 | 3 Fedoraproject, Libreoffice, Opensuse | 3 Fedora, Libreoffice, Leap | 2023-12-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need for macros or other active scripting Prior to version 6.4.4 LibreOffice allowed forms to be submitted to any URI, including file: URIs, enabling form submissions to overwrite local files. User-interaction is required to submit the form, but to avoid the possibility of malicious documents engineered to maximize the possibility of inadvertent user submission this feature has now been limited to http[s] URIs, removing the possibility to overwrite local files. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4. | |||||
| CVE-2020-12802 | 3 Fedoraproject, Libreoffice, Opensuse | 3 Fedora, Libreoffice, Leap | 2023-12-31 | 4.3 MEDIUM | 5.3 MEDIUM |
| LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents were omitted from this protection prior to version 6.4.4. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4. | |||||
| CVE-2020-12801 | 2 Libreoffice, Opensuse | 2 Libreoffice, Leap | 2023-12-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice's default ODF file format, then affected versions of LibreOffice default that subsequent saves of the document are unencrypted. This may lead to a user accidentally saving a MSOffice file format document unencrypted while believing it to be encrypted. This issue affects: LibreOffice 6-3 series versions prior to 6.3.6; 6-4 series versions prior to 6.4.3. | |||||
| CVE-2023-34845 | 1 Bludit | 1 Bludit | 2023-12-30 | N/A | 5.4 MEDIUM |
| Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration). | |||||
| CVE-2023-31698 | 1 Bludit | 1 Bludit | 2023-12-30 | N/A | 5.4 MEDIUM |
| Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration). | |||||
| CVE-2023-7040 | 1 Codelyfe | 1 Stupid Simple Cms | 2023-12-30 | N/A | 6.5 MEDIUM |
| A vulnerability classified as problematic was found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this vulnerability is an unknown functionality of the file /file-manager/rename.php. The manipulation of the argument oldName leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248689 was assigned to this vulnerability. | |||||
| CVE-2023-50834 | 1 Augustinfotech | 1 Woocommerce Menu Extension | 2023-12-30 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech WooCommerce Menu Extension allows Stored XSS.This issue affects WooCommerce Menu Extension: from n/a through 1.6.2. | |||||
| CVE-2023-49765 | 1 Blazzdev | 1 Rate My Post | 2023-12-30 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.1. | |||||
| CVE-2023-47191 | 1 Kainelabs | 1 Youzify | 2023-12-30 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress.This issue affects Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: from n/a through 1.2.2. | |||||
| CVE-2023-32799 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2023-12-30 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses.This issue affects Shipping Multiple Addresses: from n/a through 3.8.3. | |||||