| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-1053 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or… | ||
| CVE-2020-1052 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated… | ||
| CVE-2020-1045 | Hig | 0.01 | 7.5 | 0.07 | Sep 11, 2020 | A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent… | ||
| CVE-2020-1039 | Hig | 0.51 | 7.8 | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this… | ||
| CVE-2020-1031 | Hig | 0.49 | 7.5 | 0.05 | Sep 11, 2020 | An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory. To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to an affected DHCP server. … | ||
| CVE-2020-1030 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could… | ||
| CVE-2020-1013 | Hig | 0.49 | 7.5 | 0.06 | Sep 11, 2020 | An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine. To… | ||
| CVE-2020-1012 | Hig | 0.57 | 8.8 | 0.04 | Sep 11, 2020 | An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the… | ||
| CVE-2020-16881 | Hig | 0.51 | 7.8 | 0.05 | Sep 11, 2020 | A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is… | ||
| CVE-2020-16875 | Hig | 0.61 | 8.4 | 0.47 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the… | ||
| CVE-2020-16874 | Hig | 0.51 | 7.8 | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with… | ||
| CVE-2020-16872 | Hig | 0.50 | 7.6 | 0.02 | Sep 11, 2020 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to… | ||
| CVE-2020-16862 | Hig | 0.46 | 7.1 | 0.03 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the… | ||
| CVE-2020-16857 | Hig | 0.46 | 7.1 | 0.02 | Sep 11, 2020 | A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim… | ||
| CVE-2020-16856 | Hig | 0.51 | 7.8 | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with… | ||
| CVE-2020-16853 | Hig | 0.46 | 7.1 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status. To exploit this… | ||
| CVE-2020-16852 | Hig | 0.46 | 7.1 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status. To exploit this… | ||
| CVE-2020-16851 | Hig | 0.46 | 7.1 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status. To exploit this… | ||
| CVE-2020-0998 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could… | ||
| CVE-2020-0997 | Hig | 0.51 | 7.8 | 0.05 | Sep 11, 2020 | A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with… | ||
| CVE-2020-0922 | Hig | 0.58 | 8.8 | 0.05 | Sep 11, 2020 | A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have… | ||
| CVE-2020-0912 | Hig | 0.46 | 7.0 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially… | ||
| CVE-2020-0911 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability… | ||
| CVE-2020-0908 | Hig | 0.49 | 7.5 | 0.03 | Sep 11, 2020 | A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory. An attacker who successfully exploited the vulnerability could gain execution on a victim system. An attacker could host a specially crafted website that is… | ||
| CVE-2020-0886 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code… | ||
| CVE-2020-0870 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit this vulnerability, an attacker… | ||
| CVE-2020-0839 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated… | ||
| CVE-2020-0838 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system,… | ||
| CVE-2020-0836 | Hig | 0.49 | 7.5 | 0.05 | Sep 11, 2020 | A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive. To exploit the vulnerability, an authenticated attacker… | ||
| CVE-2020-0790 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2020 | A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself… | ||
| CVE-2020-0782 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. An attacker who successfully exploited this vulnerability could modify the cryptographic catalog. To exploit this vulnerability, an… | ||
| CVE-2020-0766 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to… | ||
| CVE-2020-0761 | Hig | 0.57 | 8.8 | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account To… | ||
| CVE-2020-0718 | Hig | 0.57 | 8.8 | 0.04 | Sep 11, 2020 | A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account To… | ||
| CVE-2020-0648 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2020 | An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted… | ||
| CVE-2020-25276 | Hig | 0.47 | 7.3 | 0.00 | Sep 11, 2020 | An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client… | ||
| CVE-2020-15166 | Hig | 0.00 | 7.5 | 0.03 | Sep 11, 2020 | In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate… | ||
| CVE-2020-11991 | Hig | 0.55 | 7.5 | 0.72 | Sep 11, 2020 | When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system. | ||
| CVE-2020-16222 | Hig | 0.57 | 8.8 | 0.01 | Sep 11, 2020 | In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. | ||
| CVE-2020-24164 | — | Hig | 0.44 | 7.8 | 0.01 | Sep 11, 2020 | A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java… | |
| CVE-2020-25255 | Hig | 0.49 | 7.5 | 0.01 | Sep 11, 2020 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to cause a denial of service (outage of connection-request processing) via a long user ID, which… | ||
| CVE-2020-25252 | Hig | 0.57 | 8.8 | 0.01 | Sep 11, 2020 | An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol… | ||
| CVE-2020-25250 | Hig | 0.49 | 7.5 | 0.01 | Sep 11, 2020 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client applications can write arbitrary data to the server logs. | ||
| CVE-2020-25248 | Hig | 0.49 | 7.5 | 0.02 | Sep 11, 2020 | An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter. | ||
| CVE-2020-25247 | Hig | 0.49 | 7.5 | 0.01 | Sep 11, 2020 | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter. | ||
| CVE-2020-9731 | Hig | 0.52 | 7.8 | 0.11 | Sep 10, 2020 | A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user. | ||
| CVE-2020-9730 | Hig | 0.51 | 7.8 | 0.03 | Sep 10, 2020 | A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user. | ||
| CVE-2020-9729 | Hig | 0.51 | 7.8 | 0.03 | Sep 10, 2020 | A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user. | ||
| CVE-2020-9728 | Hig | 0.51 | 7.8 | 0.03 | Sep 10, 2020 | A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user. | ||
| CVE-2020-9727 | Hig | 0.51 | 7.8 | 0.03 | Sep 10, 2020 | A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user. |
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated…
- risk 0.01cvss 7.5epss 0.07
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent…
- risk 0.51cvss 7.8epss 0.04
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this…
- risk 0.49cvss 7.5epss 0.05
An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory. To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to an affected DHCP server. …
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could…
- risk 0.49cvss 7.5epss 0.06
An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine. To…
- risk 0.57cvss 8.8epss 0.04
An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the…
- risk 0.51cvss 7.8epss 0.05
A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is…
- risk 0.61cvss 8.4epss 0.47
A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the…
- risk 0.51cvss 7.8epss 0.04
A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with…
- risk 0.50cvss 7.6epss 0.02
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to…
- risk 0.46cvss 7.1epss 0.03
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the…
- risk 0.46cvss 7.1epss 0.02
A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim…
- risk 0.51cvss 7.8epss 0.04
A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with…
- risk 0.46cvss 7.1epss 0.01
An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status. To exploit this…
- risk 0.46cvss 7.1epss 0.01
An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status. To exploit this…
- risk 0.46cvss 7.1epss 0.01
An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status. To exploit this…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could…
- risk 0.51cvss 7.8epss 0.05
A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with…
- risk 0.58cvss 8.8epss 0.05
A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have…
- risk 0.46cvss 7.0epss 0.01
An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability…
- risk 0.49cvss 7.5epss 0.03
A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory. An attacker who successfully exploited the vulnerability could gain execution on a victim system. An attacker could host a specially crafted website that is…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit this vulnerability, an attacker…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system,…
- risk 0.49cvss 7.5epss 0.05
A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive. To exploit the vulnerability, an authenticated attacker…
- risk 0.51cvss 7.8epss 0.01
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. An attacker who successfully exploited this vulnerability could modify the cryptographic catalog. To exploit this vulnerability, an…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to…
- risk 0.57cvss 8.8epss 0.04
A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account To…
- risk 0.57cvss 8.8epss 0.04
A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account To…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted…
- risk 0.47cvss 7.3epss 0.00
An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client…
- risk 0.00cvss 7.5epss 0.03
In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate…
- risk 0.55cvss 7.5epss 0.72
When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system.
- risk 0.57cvss 8.8epss 0.01
In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.
- risk 0.44cvss 7.8epss 0.01
A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to cause a denial of service (outage of connection-request processing) via a long user ID, which…
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client applications can write arbitrary data to the server logs.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter.
- risk 0.52cvss 7.8epss 0.11
A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.
- risk 0.51cvss 7.8epss 0.03
A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.
- risk 0.51cvss 7.8epss 0.03
A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.
- risk 0.51cvss 7.8epss 0.03
A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.
- risk 0.51cvss 7.8epss 0.03
A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.