Filtered by vendor Microsoft
Subscribe
Search
Total
2970 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1391 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows Agent Activation Runtime (AarSvc) fails to properly handle objects in memory, aka 'Windows Agent Activation Runtime Information Disclosure Vulnerability'. | |||||
| CVE-2020-27017 | 2 Microsoft, Trendmicro | 2 Windows, Interscan Messaging Security Virtual Appliance | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability. | |||||
| CVE-2020-0946 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0937, CVE-2020-0939, CVE-2020-0945, CVE-2020-0947. | |||||
| CVE-2020-1310 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2021-07-21 | 7.2 HIGH | 6.7 MEDIUM |
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1251, CVE-2020-1253. | |||||
| CVE-2020-0963 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1141, CVE-2020-1145, CVE-2020-1179. | |||||
| CVE-2020-1263 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1261. | |||||
| CVE-2020-35609 | 1 Microsoft | 1 Azure Sphere | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this vulnerability. | |||||
| CVE-2020-0939 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0937, CVE-2020-0945, CVE-2020-0946, CVE-2020-0947. | |||||
| CVE-2020-0976 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Foundation | 2021-07-21 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0975, CVE-2020-0977. | |||||
| CVE-2020-0622 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. | |||||
| CVE-2019-5686 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2021-07-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data structure in a way that relies on properties that are not always guaranteed to be valid, which may lead to denial of service. | |||||
| CVE-2020-1444 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. | |||||
| CVE-2020-0975 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2021-07-21 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0976, CVE-2020-0977. | |||||
| CVE-2020-1445 | 1 Microsoft | 6 365 Apps, Office, Office Online Server and 3 more | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342. | |||||
| CVE-2019-19362 | 2 Microsoft, Teamviewer | 2 Windows, Teamviewer | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history (but does not exit the application), this data is not wiped from main memory, and therefore could be read by a local user with the same or greater privileges. | |||||
| CVE-2020-1367 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1389, CVE-2020-1419, CVE-2020-1426. | |||||
| CVE-2020-0643 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI+ Information Disclosure Vulnerability'. | |||||
| CVE-2020-1432 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer, aka 'Skype for Business via Internet Explorer Information Disclosure Vulnerability'. | |||||
| CVE-2020-1420 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Information Disclosure Vulnerability'. | |||||
| CVE-2020-27019 | 2 Microsoft, Trendmicro | 2 Windows, Interscan Messaging Security Virtual Appliance | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key. | |||||
| CVE-2020-1259 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A security feature bypass vulnerability exists when Windows Host Guardian Service improperly handles hashes recorded and logged, aka 'Windows Host Guardian Service Security Feature Bypass Vulnerability'. | |||||
| CVE-2020-0615 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0639. | |||||
| CVE-2020-8145 | 2 Microsoft, Ui | 2 Windows, Unifi Video | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP or CUSTOM_GROUP groups, can access these endpoints and overwrite the current application configuration. This can be abused for various purposes, including adding new administrative users. Affected Products: UniFi Video Controller v3.9.3 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.9.6 and newer. | |||||
| CVE-2020-0608 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | |||||
| CVE-2020-0607 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'. | |||||
| CVE-2020-0746 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 5.0 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'. | |||||
| CVE-2020-0717 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0716. | |||||
| CVE-2020-1179 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0963, CVE-2020-1141, CVE-2020-1145. | |||||
| CVE-2020-0859 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'. | |||||
| CVE-2020-1261 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1263. | |||||
| CVE-2020-0853 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka 'Windows Imaging Component Information Disclosure Vulnerability'. | |||||
| CVE-2020-0714 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'. | |||||
| CVE-2020-0706 | 1 Microsoft | 8 Edge, Internet Explorer, Windows 10 and 5 more | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists in the way that affected Microsoft browsers handle cross-origin requests, aka 'Microsoft Browser Information Disclosure Vulnerability'. | |||||
| CVE-2019-19694 | 2 Microsoft, Trendmicro | 6 Windows, Antivirus \+ Security 2019, Internet Security 2019 and 3 more | 2021-07-21 | 1.9 LOW | 4.7 MEDIUM |
| The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the entire product completely.. | |||||
| CVE-2019-4614 | 4 Ibm, Linux, Microsoft and 1 more | 5 Mq, Mq Appliance, Linux Kernel and 2 more | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639. | |||||
| CVE-2020-0820 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. | |||||
| CVE-2020-1348 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | |||||
| CVE-2020-1361 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the way that the WalletService handles memory.To exploit the vulnerability, an attacker would first need code execution on a victim system, aka 'Windows WalletService Information Disclosure Vulnerability'. | |||||
| CVE-2020-5855 | 2 F5, Microsoft | 3 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client, Windows | 2021-07-21 | 4.6 MEDIUM | 4.3 MEDIUM |
| When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user. | |||||
| CVE-2020-1419 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1389, CVE-2020-1426. | |||||
| CVE-2020-3998 | 2 Microsoft, Vmware | 2 Windows, Horizon Client | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. A malicious attacker with local privileges on the machine where Horizon Client for Windows is installed may be able to retrieve hashed credentials if the client crashes. | |||||
| CVE-2020-0647 | 1 Microsoft | 1 Office Online Server | 2021-07-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. | |||||
| CVE-2019-1338 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses, aka 'Windows NTLM Security Feature Bypass Vulnerability'. | |||||
| CVE-2020-0736 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. | |||||
| CVE-2020-1434 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory, aka 'Windows Sync Host Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-1389 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1419, CVE-2020-1426. | |||||
| CVE-2019-10250 | 2 Microsoft, Ucweb | 2 Windows, Uc Browser | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading certain PDF modules, which allows MITM attacks. | |||||
| CVE-2020-0945 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0937, CVE-2020-0939, CVE-2020-0946, CVE-2020-0947. | |||||
| CVE-2020-1386 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information, aka 'Connected User Experiences and Telemetry Service Information Disclosure Vulnerability'. | |||||
| CVE-2019-4568 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Mq and 4 more | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629. | |||||