Filtered by vendor Microsoft
Subscribe
Search
Total
16927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0627 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | |||||
| CVE-2020-0628 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | |||||
| CVE-2020-0629 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | |||||
| CVE-2020-0630 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | |||||
| CVE-2020-0620 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files, aka 'Microsoft Cryptographic Services Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-4230 | 3 Ibm, Linux, Microsoft | 4 Aix, Db2, Linux Kernel and 1 more | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212. | |||||
| CVE-2020-4261 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2021-07-21 | 6.9 MEDIUM | 7.8 HIGH |
| IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175644. | |||||
| CVE-2020-4262 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2021-07-21 | 6.9 MEDIUM | 7.8 HIGH |
| IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175645. | |||||
| CVE-2020-0633 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632. | |||||
| CVE-2020-4161 | 3 Ibm, Linux, Microsoft | 4 Aix, Db2, Linux Kernel and 1 more | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. IBM X-Force ID: 174341. | |||||
| CVE-2020-3998 | 2 Microsoft, Vmware | 2 Windows, Horizon Client | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. A malicious attacker with local privileges on the machine where Horizon Client for Windows is installed may be able to retrieve hashed credentials if the client crashes. | |||||
| CVE-2020-0607 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'. | |||||
| CVE-2020-0608 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | |||||
| CVE-2020-0609 | 1 Microsoft | 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0610. | |||||
| CVE-2020-3979 | 2 Installbuilder, Microsoft | 2 Installbuilder, Windows | 2021-07-21 | 4.4 MEDIUM | 7.8 HIGH |
| InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which could result in code execution with the security scope of the installer. | |||||
| CVE-2020-3961 | 2 Microsoft, Vmware | 2 Windows, Horizon Client | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| VMware Horizon Client for Windows (prior to 5.4.3) contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. A local user on the system where the software is installed may exploit this issue to run commands as any user. | |||||
| CVE-2020-3945 | 2 Microsoft, Vmware | 2 Windows, Vrealize Operations | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may obtain sensitive information | |||||
| CVE-2020-0610 | 1 Microsoft | 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0609. | |||||
| CVE-2020-0611 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 5.1 MEDIUM | 7.5 HIGH |
| A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. | |||||
| CVE-2020-3943 | 2 Microsoft, Vmware | 2 Windows, Vrealize Operations | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations. | |||||
| CVE-2020-0603 | 2 Microsoft, Redhat | 3 Asp.net Core, Enterprise Linux, Enterprise Linux Eus | 2021-07-21 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'. | |||||
| CVE-2020-0632 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0633. | |||||
| CVE-2020-0615 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0639. | |||||
| CVE-2020-0614 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | |||||
| CVE-2020-3710 | 2 Adobe, Microsoft | 2 Illustrator Cc, Windows | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-3711 | 2 Adobe, Microsoft | 2 Illustrator Cc, Windows | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-3712 | 2 Adobe, Microsoft | 2 Illustrator Cc, Windows | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-0613 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633. | |||||
| CVE-2020-26894 | 2 Faulknermedia, Microsoft | 2 Wildlife Issues In The New Millennium, Windows | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's "shell()" function, it will attempt to search for "cmd.exe" in the folder of the current application and run the malicious "cmd.exe". | |||||
| CVE-2020-25737 | 2 Hackolade, Microsoft | 2 Hackolade, Windows | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Hackolade versions prior 4.2.0 on Windows has an issue in specific deployment scenarios that could allow local users to gain elevated privileges during an uninstall of the application. | |||||
| CVE-2020-24367 | 2 Bluestacks, Microsoft | 2 Bluestacks, Windows | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user. | |||||
| CVE-2020-15593 | 2 Microsoft, Riverbed | 2 Windows, Steelcentral Aternity Agent | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. Any user in the system is allowed to access the interprocess communication channel AternityAgentAssistantIpc, retrieve a serialized object and call object methods remotely. Among others, the methods allow any user to: (1) Create and/or overwrite arbitrary XML files across the system; (2) Create arbitrary directories across the system; and (3) Load arbitrary plugins (i.e., C# assemblies) from the "%PROGRAMFILES(X86)/Aternity Information Systems/Assistant/plugins” directory and execute code contained in them. | |||||
| CVE-2020-1468 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | |||||
| CVE-2020-1437 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory, aka 'Windows Network Location Awareness Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-1435 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. | |||||
| CVE-2020-1432 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer, aka 'Skype for Business via Internet Explorer Information Disclosure Vulnerability'. | |||||
| CVE-2020-1428 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1438. | |||||
| CVE-2020-1427 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1428, CVE-2020-1438. | |||||
| CVE-2020-1424 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-1422 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415. | |||||
| CVE-2020-1420 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Information Disclosure Vulnerability'. | |||||
| CVE-2020-1419 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1389, CVE-2020-1426. | |||||
| CVE-2020-1418 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1393. | |||||
| CVE-2020-1415 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1422. | |||||
| CVE-2020-1411 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1336. | |||||
| CVE-2020-1412 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. | |||||
| CVE-2020-1413 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422. | |||||
| CVE-2020-1405 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 3.6 LOW | 7.1 HIGH |
| An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1372. | |||||
| CVE-2020-1406 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-1404 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422. | |||||