CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 53/121 • 14518 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14518 CVEs for this tag (all time). In the last 365 days, 1678 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2020-10-02
Medium

CVE-2020-5982

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) scheduler, in which the software does not properly limit the number or frequency of i…

CVSS: 4.4 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2020-5981

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, wh…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2020-5980

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in multiple components in which a securely loaded system DLL will load its dependencies in an insecure fashion, which may lea…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-5979

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which a user is presented with a dialog box for input by a high-privilege process, w…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2020-24356

`cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, `cloudflared` searches for configuration files which coul…

CVSS: 6.4 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2020-10-01
High

CVE-2020-15663

If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Serv…

CVSS: 8.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2020-09-29
High

CVE-2020-24562

A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escala…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2020-09-24
High

CVE-2020-17365

Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. Th…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2020-09-23
High

CVE-2020-25826

PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe.

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2019-16000

A vulnerability in the automatic update process of Cisco Umbrella Roaming Client for Windows could allow an authenticated, local attacker to install arbitrary, unapproved applications on a targeted d…

CVSS: 4.4 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD
High

CVE-2019-15287

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected sy…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2019-15285

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected sy…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2019-15283

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected sy…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2020-09-22
High

CVE-2020-14031

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as N…

CVSS: 7.2 CWE: N/A View on NVD
2020-09-21
Medium

CVE-2020-6567

Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML pa…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
2020-09-18
High

CVE-2020-3979

InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not require…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2020-5976

NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and versions prior to 5.31 (Android, Shield TV), contains a vulnerability in the application software where the network test component tr…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2020-5975

NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may lead to…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2020-25744

SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA…

CVSS: 8.1 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2020-09-16
Medium

CVE-2020-3990

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A maliciou…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Low

CVE-2020-3989

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious a…

CVSS: 3.3 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2020-3988

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal…

CVSS: 6.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2020-3987

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor wi…

CVSS: 6.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2020-3986

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal acce…

CVSS: 6.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2020-10733

The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working…

CVSS: 7.3 CWE: CWE-426 - Untrusted Search Path View on NVD
2020-09-14
Medium

CVE-2020-7807

A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing…

CVSS: 5.6 CWE: CWE-353 - Missing Support for Integrity Check View on NVD
2020-09-11
Medium

CVE-2020-1598

<p>An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerabili…

CVSS: 6.1 CWE: N/A View on NVD
High

CVE-2020-1593

<p>A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected…

CVSS: 7.6 CWE: N/A View on NVD
Medium

CVE-2020-1592

<p>An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.</p> <p>To exploit this vulnerability, an authenticated attacker could run a special…

CVSS: 4.4 CWE: CWE-665 - Improper Initialization View on NVD
Medium

CVE-2020-1589

<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to f…

CVSS: 4.4 CWE: N/A View on NVD
High

CVE-2020-1559

<p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated pr…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1532

<p>An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execution on th…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1508

<p>A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected…

CVSS: 7.6 CWE: N/A View on NVD
High

CVE-2020-1507

<p>An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could gain elevated pri…

CVSS: 7.9 CWE: N/A View on NVD
High

CVE-2020-1491

<p>An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could exec…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1471

<p>An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects. An attacker who successfully exploited the vulnerability could gain elevated p…

CVSS: 7.3 CWE: N/A View on NVD
High

CVE-2020-1319

<p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take contro…

CVSS: 7.3 CWE: N/A View on NVD
Medium

CVE-2020-1303

<p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2020-1285

<p>A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability co…

CVSS: 8.4 CWE: N/A View on NVD
Medium

CVE-2020-1256

<p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2020-1252

<p>A remote code execution vulnerability exists when Windows improperly handles objects in memory. To exploit the vulnerability an attacker would have to convince a user to run a specially crafted ap…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1245

<p>An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2020-1228

<p>A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become no…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2020-1169

<p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2020-1152

<p>An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited the vulnerability could gain elevated privileges on a tar…

CVSS: 5.8 CWE: N/A View on NVD
High

CVE-2020-1129

<p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take contro…

CVSS: 8.8 CWE: N/A View on NVD
Medium

CVE-2020-1122

<p>An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run proc…

CVSS: 5.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2020-1115

<p>An elevation of privilege vulnerability exists when the <a href="https://technet.microsoft.com/library/security/dn848375.aspx#CLFS">Windows Common Log File System (CLFS)</a> driver improperly hand…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2020-1097

<p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2020-1091

<p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2020-1083

<p>An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could ob…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2020-1074

<p>A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbi…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1039

<p>A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbi…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2020-1038

<p>A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system t…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-1034

<p>An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevat…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2020-1033

<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to f…

CVSS: 4.0 CWE: N/A View on NVD
High

CVE-2020-1031

<p>An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory.</p> <p>To exploit the vulnerability, an unauthentica…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2020-1030

<p>An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerabil…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1013

<p>An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissio…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2020-16879

<p>An information disclosure vulnerability exists when a Windows Projected Filesystem improperly handles file redirections. An attacker who successfully exploited this vulnerability could obtain info…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-16854

<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to f…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2020-16853

<p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could…

CVSS: 7.1 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2020-16852

<p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could…

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2020-16851

<p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could…

CVSS: 7.1 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2020-0998

<p>An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run process…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-0997

<p>A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary c…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2020-0989

<p>An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2020-0951

<p>A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this…

CVSS: 6.7 CWE: N/A View on NVD
Medium

CVE-2020-0928

<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to f…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2020-0922

<p>A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary c…

CVSS: 8.8 CWE: N/A View on NVD
Medium

CVE-2020-0914

<p>An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtai…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2020-0912

<p>An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to ga…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2020-0911

<p>An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary co…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-0908

<p>A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory. An attacker who successfully exploited the vulnerability could gain execution on a vict…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2020-0886

<p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated pr…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-0836

<p>A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become no…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2020-0805

<p>A security feature bypass vulnerability exists when a Windows Projected Filesystem improperly handles file redirections. An attacker who successfully exploited this vulnerability could delete a ta…

CVSS: 5.3 CWE: N/A View on NVD
High

CVE-2020-0782

<p>An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. An attacker who successfully exploited this vulnerability could…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-0648

<p>An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain execu…

CVSS: 7.8 CWE: N/A View on NVD
2020-09-10
Medium

CVE-2020-15024

An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a log…

CVSS: 5.5 CWE: CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer View on NVD
Medium

CVE-2020-7315

DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL.

CVSS: 6.0 CWE: CWE-426 - Untrusted Search Path View on NVD
High

CVE-2020-7312

DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a com…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2020-7311

Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log fi…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2020-09-09
Medium

CVE-2020-15785

A vulnerability has been identified in Siveillance Video Client (All versions). In environments where Windows NTLM authentication is enabled the affected client application transmits usernames to the…

CVSS: 5.3 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
Medium

CVE-2020-7323

Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via tr…

CVSS: 6.9 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2020-7322

Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly log…

CVSS: 4.7 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Medium

CVE-2020-7320

Protection Mechanism Failure vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local administrator to temporarily reduce the detection capabilit…

CVSS: 6.7 CWE: CWE-693 - Protection Mechanism Failure View on NVD
High

CVE-2020-7319

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have ac…

CVSS: 8.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2020-09-04
Medium

CVE-2020-7299

Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges…

CVSS: 5.0 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
Medium

CVE-2020-3541

A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated,…

CVSS: 4.4 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2020-3537

A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message…

CVSS: 5.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Critical

CVE-2020-3495

A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of message contents. An attacker c…

CVSS: 9.9 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2020-3430

A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is due to im…

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2020-09-03
High

CVE-2020-24161

Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code.

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2020-24160

Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code.

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2020-09-01
High

CVE-2020-24557

A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporar…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-24556

A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard l…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2020-08-31
Medium

CVE-2020-5419

RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the Rabbit…

CVSS: 6.7 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2020-08-30
High

CVE-2020-8097

An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tampe…

CVSS: 8.1 CWE: CWE-287 - Improper Authentication View on NVD
2020-08-26
Medium

CVE-2020-3440

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to imprope…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2020-08-21
High

CVE-2020-24574

The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Wind…

CVSS: 7.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2020-08-17
High

CVE-2020-1587

An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. To exploit this vulnerability, an attacker would first have to gain ex…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1585

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control o…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2020-1579

An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. To exploit this vulnerability, an attacker would first have to gain executi…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2020-1578

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass.…

CVSS: 4.7 CWE: N/A View on NVD
Medium

CVE-2020-1574

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitra…

CVSS: 5.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2020-1571

An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges. After suc…

CVSS: 7.3 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2020-1566

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code i…

CVSS: 4.2 CWE: N/A View on NVD
High

CVE-2020-1565

An elevation of privilege vulnerability exists when the &quot;Public Account Pictures&quot; folder improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain ex…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2020-1564

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitra…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1560

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control o…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1558

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitra…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1557

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitra…

CVSS: 7.3 CWE: N/A View on NVD
High

CVE-2020-1556

An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with el…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1554

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, cha…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2020-1553

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1552

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes i…

CVSS: 8.0 CWE: N/A View on NVD
High

CVE-2020-1551

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1550

An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory. To exploit this vulnerability, an attacker would first have to gain execution on the vict…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1549

An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory. To exploit this vulnerability, an attacker would first have to gain execution on the vict…

CVSS: 7.8 CWE: N/A View on NVD