| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-25574 | — | Hig | 0.49 | 7.5 | 0.02 | Sep 14, 2020 | An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop). | |
| CVE-2020-24457 | Hig | 0.49 | 7.6 | 0.00 | Sep 14, 2020 | Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processors may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. | ||
| CVE-2020-13300 | Hig | 0.52 | 8.0 | 0.01 | Sep 14, 2020 | GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. | ||
| CVE-2020-13299 | Hig | 0.53 | 8.1 | 0.01 | Sep 14, 2020 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session. | ||
| CVE-2020-0570 | Hig | 0.47 | 7.3 | 0.01 | Sep 14, 2020 | Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. | ||
| CVE-2019-0233 | — | Hig | 0.54 | 7.5 | 0.69 | Sep 14, 2020 | An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload. | |
| CVE-2020-25379 | Hig | 0.57 | 8.8 | 0.02 | Sep 14, 2020 | Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query. | ||
| CVE-2020-8817 | Hig | 0.53 | 8.1 | 0.01 | Sep 14, 2020 | Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata. | ||
| CVE-2020-12789 | Hig | 0.49 | 7.5 | 0.01 | Sep 14, 2020 | The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets. | ||
| CVE-2020-12788 | Hig | 0.49 | 7.5 | 0.01 | Sep 14, 2020 | CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks. | ||
| CVE-2020-12787 | Hig | 0.49 | 7.5 | 0.01 | Sep 14, 2020 | Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling. | ||
| CVE-2020-25540 | — | Hig | 0.02 | 7.5 | 0.76 | Sep 14, 2020 | ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter. | |
| CVE-2020-25291 | Hig | 0.51 | 7.8 | 0.02 | Sep 13, 2020 | GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x. | ||
| CVE-2020-25287 | Hig | 0.47 | 7.2 | 0.03 | Sep 13, 2020 | Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request. | ||
| CVE-2020-25281 | Hig | 0.49 | 7.5 | 0.00 | Sep 11, 2020 | An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Applications with sensitive security settings (such as the package verifier application) mishandle unknown-source installations. The LG ID is LVE-SMP-190002 (September 2020). | ||
| CVE-2020-23824 | Hig | 0.57 | 8.8 | 0.01 | Sep 11, 2020 | ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will… | ||
| CVE-2020-14363 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2020 | An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to… | ||
| CVE-2020-1594 | Hig | 0.51 | 7.8 | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is… | ||
| CVE-2020-1593 | Hig | 0.50 | 7.6 | 0.03 | Sep 11, 2020 | A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the… | ||
| CVE-2020-1576 | Hig | 0.55 | 8.5 | 0.02 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application… | ||
| CVE-2020-1559 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code… | ||
| CVE-2020-1532 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to… | ||
| CVE-2020-1523 | Hig | 0.58 | 8.9 | 0.02 | Sep 11, 2020 | A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be… | ||
| CVE-2020-1508 | Hig | 0.50 | 7.6 | 0.03 | Sep 11, 2020 | A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the… | ||
| CVE-2020-1507 | Hig | 0.52 | 7.9 | 0.03 | Sep 11, 2020 | An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, a user would… | ||
| CVE-2020-1491 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a… | ||
| CVE-2020-1471 | Hig | 0.48 | 7.3 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker… | ||
| CVE-2020-1460 | Hig | 0.56 | 8.6 | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions… | ||
| CVE-2020-1453 | Hig | 0.56 | 8.6 | 0.02 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application… | ||
| CVE-2020-1452 | Hig | 0.56 | 8.6 | 0.02 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application… | ||
| CVE-2020-1376 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker… | ||
| CVE-2020-1345 | Hig | 0.48 | 7.4 | 0.03 | Sep 11, 2020 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to… | ||
| CVE-2020-1338 | Hig | 0.51 | 7.8 | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current… | ||
| CVE-2020-1335 | Hig | 0.51 | 7.8 | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is… | ||
| CVE-2020-1332 | Hig | 0.51 | 7.8 | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is… | ||
| CVE-2020-1319 | Hig | 0.48 | 7.3 | 0.05 | Sep 11, 2020 | A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change,… | ||
| CVE-2020-1308 | Hig | 0.46 | 7.0 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or… | ||
| CVE-2020-1285 | Hig | 0.55 | 8.4 | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install… | ||
| CVE-2020-1252 | Hig | 0.51 | 7.8 | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists when Windows improperly handles objects in memory. To exploit the vulnerability an attacker would have to convince a user to run a specially crafted application. An attacker who successfully exploited this vulnerability… | ||
| CVE-2020-1245 | Hig | 0.46 | 7.0 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view,… | ||
| CVE-2020-1228 | Hig | 0.49 | 7.5 | 0.04 | Sep 11, 2020 | A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive. To exploit the vulnerability, an authenticated attacker… | ||
| CVE-2020-1218 | Hig | 0.51 | 7.8 | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current… | ||
| CVE-2020-1200 | Hig | 0.56 | 8.6 | 0.02 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application… | ||
| CVE-2020-1198 | Hig | 0.48 | 7.4 | 0.03 | Sep 11, 2020 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to… | ||
| CVE-2020-1193 | Hig | 0.51 | 7.8 | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is… | ||
| CVE-2020-1169 | Hig | 0.51 | 7.8 | 0.04 | Sep 11, 2020 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by… | ||
| CVE-2020-1129 | Hig | 0.58 | 8.8 | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change,… | ||
| CVE-2020-1115 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability… | ||
| CVE-2020-1098 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit this vulnerability, an attacker… | ||
| CVE-2020-1074 | Hig | 0.55 | 7.8 | 0.53 | Sep 11, 2020 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this… |
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop).
- risk 0.49cvss 7.6epss 0.00
Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processors may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.
- risk 0.52cvss 8.0epss 0.01
GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.
- risk 0.53cvss 8.1epss 0.01
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session.
- risk 0.47cvss 7.3epss 0.01
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
- risk 0.54cvss 7.5epss 0.69
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
- risk 0.57cvss 8.8epss 0.02
Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query.
- risk 0.53cvss 8.1epss 0.01
Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata.
- risk 0.49cvss 7.5epss 0.01
The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets.
- risk 0.49cvss 7.5epss 0.01
CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks.
- risk 0.49cvss 7.5epss 0.01
Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling.
- risk 0.02cvss 7.5epss 0.76
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter.
- risk 0.51cvss 7.8epss 0.02
GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x.
- risk 0.47cvss 7.2epss 0.03
Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request.
- risk 0.49cvss 7.5epss 0.00
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Applications with sensitive security settings (such as the package verifier application) mishandle unknown-source installations. The LG ID is LVE-SMP-190002 (September 2020).
- risk 0.57cvss 8.8epss 0.01
ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will…
- risk 0.51cvss 7.8epss 0.01
An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to…
- risk 0.51cvss 7.8epss 0.04
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is…
- risk 0.50cvss 7.6epss 0.03
A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the…
- risk 0.55cvss 8.5epss 0.02
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to…
- risk 0.58cvss 8.9epss 0.02
A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be…
- risk 0.50cvss 7.6epss 0.03
A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the…
- risk 0.52cvss 7.9epss 0.03
An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, a user would…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a…
- risk 0.48cvss 7.3epss 0.01
An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker…
- risk 0.56cvss 8.6epss 0.04
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions…
- risk 0.56cvss 8.6epss 0.02
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application…
- risk 0.56cvss 8.6epss 0.02
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker…
- risk 0.48cvss 7.4epss 0.03
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to…
- risk 0.51cvss 7.8epss 0.04
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current…
- risk 0.51cvss 7.8epss 0.04
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is…
- risk 0.51cvss 7.8epss 0.04
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is…
- risk 0.48cvss 7.3epss 0.05
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change,…
- risk 0.46cvss 7.0epss 0.01
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or…
- risk 0.55cvss 8.4epss 0.04
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install…
- risk 0.51cvss 7.8epss 0.04
A remote code execution vulnerability exists when Windows improperly handles objects in memory. To exploit the vulnerability an attacker would have to convince a user to run a specially crafted application. An attacker who successfully exploited this vulnerability…
- risk 0.46cvss 7.0epss 0.01
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view,…
- risk 0.49cvss 7.5epss 0.04
A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive. To exploit the vulnerability, an authenticated attacker…
- risk 0.51cvss 7.8epss 0.04
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current…
- risk 0.56cvss 8.6epss 0.02
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application…
- risk 0.48cvss 7.4epss 0.03
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to…
- risk 0.51cvss 7.8epss 0.04
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is…
- risk 0.51cvss 7.8epss 0.04
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by…
- risk 0.58cvss 8.8epss 0.04
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change,…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit this vulnerability, an attacker…
- risk 0.55cvss 7.8epss 0.53
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this…