VYPR

CVEs

101,963 total · page 1436 of 2,040

  • CVE-2020-1053HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or…

  • CVE-2020-1052HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated…

  • CVE-2020-1045HigSep 11, 2020
    risk 0.01cvss 7.5epss 0.07

    A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent…

  • CVE-2020-1039HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this…

  • CVE-2020-1031HigSep 11, 2020
    risk 0.49cvss 7.5epss 0.05

    An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory. To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to an affected DHCP server. …

  • CVE-2020-1030HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could…

  • CVE-2020-1013HigSep 11, 2020
    risk 0.49cvss 7.5epss 0.06

    An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine. To…

  • CVE-2020-1012HigSep 11, 2020
    risk 0.57cvss 8.8epss 0.04

    An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the…

  • CVE-2020-16881HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.05

    A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is…

  • CVE-2020-16875HigSep 11, 2020
    risk 0.61cvss 8.4epss 0.47

    A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the…

  • CVE-2020-16874HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with…

  • CVE-2020-16872HigSep 11, 2020
    risk 0.50cvss 7.6epss 0.02

    A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to…

  • CVE-2020-16862HigSep 11, 2020
    risk 0.46cvss 7.1epss 0.03

    A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the…

  • CVE-2020-16857HigSep 11, 2020
    risk 0.46cvss 7.1epss 0.02

    A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim…

  • CVE-2020-16856HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with…

  • CVE-2020-16853HigSep 11, 2020
    risk 0.46cvss 7.1epss 0.01

    An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status. To exploit this…

  • CVE-2020-16852HigSep 11, 2020
    risk 0.46cvss 7.1epss 0.01

    An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status. To exploit this…

  • CVE-2020-16851HigSep 11, 2020
    risk 0.46cvss 7.1epss 0.01

    An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status. To exploit this…

  • CVE-2020-0998HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could…

  • CVE-2020-0997HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.05

    A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with…

  • CVE-2020-0922HigSep 11, 2020
    risk 0.58cvss 8.8epss 0.05

    A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have…

  • CVE-2020-0912HigSep 11, 2020
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially…

  • CVE-2020-0911HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability…

  • CVE-2020-0908HigSep 11, 2020
    risk 0.49cvss 7.5epss 0.03

    A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory. An attacker who successfully exploited the vulnerability could gain execution on a victim system. An attacker could host a specially crafted website that is…

  • CVE-2020-0886HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code…

  • CVE-2020-0870HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit this vulnerability, an attacker…

  • CVE-2020-0839HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated…

  • CVE-2020-0838HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system,…

  • CVE-2020-0836HigSep 11, 2020
    risk 0.49cvss 7.5epss 0.05

    A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive. To exploit the vulnerability, an authenticated attacker…

  • CVE-2020-0790HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.01

    A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself…

  • CVE-2020-0782HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. An attacker who successfully exploited this vulnerability could modify the cryptographic catalog. To exploit this vulnerability, an…

  • CVE-2020-0766HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to…

  • CVE-2020-0761HigSep 11, 2020
    risk 0.57cvss 8.8epss 0.04

    A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account To…

  • CVE-2020-0718HigSep 11, 2020
    risk 0.57cvss 8.8epss 0.04

    A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account To…

  • CVE-2020-0648HigSep 11, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted…

  • CVE-2020-25276HigSep 11, 2020
    risk 0.47cvss 7.3epss 0.00

    An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client…

  • CVE-2020-15166HigSep 11, 2020
    risk 0.00cvss 7.5epss 0.03

    In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate…

  • CVE-2020-11991HigSep 11, 2020
    risk 0.55cvss 7.5epss 0.72

    When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system.

  • CVE-2020-16222HigSep 11, 2020
    risk 0.57cvss 8.8epss 0.01

    In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.

  • CVE-2020-24164HigSep 11, 2020
    risk 0.44cvss 7.8epss 0.01

    A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java…

  • CVE-2020-25255HigSep 11, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to cause a denial of service (outage of connection-request processing) via a long user ID, which…

  • CVE-2020-25252HigSep 11, 2020
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol…

  • CVE-2020-25250HigSep 11, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client applications can write arbitrary data to the server logs.

  • CVE-2020-25248HigSep 11, 2020
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter.

  • CVE-2020-25247HigSep 11, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter.

  • CVE-2020-9731HigSep 10, 2020
    risk 0.52cvss 7.8epss 0.11

    A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.

  • CVE-2020-9730HigSep 10, 2020
    risk 0.51cvss 7.8epss 0.03

    A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.

  • CVE-2020-9729HigSep 10, 2020
    risk 0.51cvss 7.8epss 0.03

    A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.

  • CVE-2020-9728HigSep 10, 2020
    risk 0.51cvss 7.8epss 0.03

    A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.

  • CVE-2020-9727HigSep 10, 2020
    risk 0.51cvss 7.8epss 0.03

    A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.