CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 54/121 • 14518 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14518 CVEs for this tag (all time). In the last 365 days, 1678 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2020-08-17
High

CVE-2020-1548

An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victi…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1547

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1546

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1545

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1544

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1543

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1542

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1541

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1540

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1539

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1538

An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1537

An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privile…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1536

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1535

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim sy…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1534

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1533

An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with el…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1531

An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1530

An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1529

An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could r…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1528

An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victi…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1527

An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1526

An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on t…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1525

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, cha…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2020-1524

An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory. To exploit this vulnerability, an attacker would first have to gain execution on the…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1522

An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim s…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1521

An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim s…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1520

A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim sys…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1519

An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1518

An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1517

An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1516

An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the vi…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1515

An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1513

An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim syst…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1512

An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain i…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1492

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, cha…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2020-1489

An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim syst…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1488

An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability…

CVSS: 7.0 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-1486

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code i…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2020-1485

An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability c…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2020-1484

An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the vi…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1480

An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could r…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1478

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, cha…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2020-1477

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, cha…

CVSS: 7.0 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2020-1474

An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability c…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1473

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitra…

CVSS: 7.0 CWE: N/A View on NVD
Medium

CVE-2020-1472

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An at…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2020-1470

An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the vi…

CVSS: 7.8 CWE: N/A View on NVD
Critical

CVE-2020-1467

An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elev…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2020-1466

A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1464

A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed…

CVSS: 7.8 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
Medium

CVE-2020-1417

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code i…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-1379

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, cha…

CVSS: 5.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2020-1378

An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2020-1377

An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1339

A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected syst…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1337

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability…

CVSS: 7.8 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
Medium

CVE-2020-3435

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an aff…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2020-3434

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS)…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2020-3433

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack.…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Medium

CVE-2020-8230

A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory.

CVSS: 5.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2020-08-14
High

CVE-2020-9767

A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running with elevated pr…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Medium

CVE-2020-15145

In Composer-Setup for Windows before version 6.0.0, if the developer's computer is shared with other users, a local attacker may be able to exploit the following scenarios. 1. A local regular user ma…

CVSS: 6.7 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2020-22722

Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious…

CVSS: 7.8 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
2020-08-13
High

CVE-2020-16087

An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafte…

CVSS: 8.6 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
High

CVE-2020-8688

Improper input validation in the Intel(R) RAID Web Console 3 for Windows* may allow an unauthenticated user to potentially enable denial of service via network access.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2020-0559

Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi products on Windows* 7 and 8.1 before version 21.40.5.1 may allow an authenticated user to potentially enable escalation of privil…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2020-0554

Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allow an unprivileged user to potentially enable escalation of privilege via local…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2020-0553

Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bluetooth(R) products on Windows* 10, may allow a privileged user to potentially enable information disclosure via local access.

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2020-8763

Improper permissions in the installer for the Intel(R) RealSense(TM) D400 Series UWP driver for Windows* 10 may allow an authenticated user to potentially enable escalation of privilege via local acc…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2020-08-11
Medium

CVE-2020-13179

Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confiden…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2020-13178

A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow a…

CVSS: 6.7 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD
High

CVE-2020-13177

The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Critical

CVE-2020-11552

An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vul…

CVSS: 9.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2020-08-10
High

CVE-2020-15657

Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: Thi…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2020-08-06
Critical

CVE-2020-7361

The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct…

CVSS: 9.6 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2020-7352

The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with thi…

CVSS: 8.4 CWE: CWE-264 View on NVD
2020-08-04
Medium

CVE-2020-4631

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to…

CVSS: 5.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2020-08-03
Medium

CVE-2020-8575

Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS).

CVSS: 4.4 CWE: N/A View on NVD
2020-07-31
High

CVE-2020-5384

Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerabil…

CVSS: 8.4 CWE: CWE-288 - Authentication Bypass Using an Alternate Path or Channel View on NVD
2020-07-30
Medium

CVE-2020-7205

A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. The vulnerability could be locally exploited to allow arb…

CVSS: 6.7 CWE: N/A View on NVD
2020-07-29
High

CVE-2020-13699

TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10:…

CVSS: 8.8 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD
2020-07-27
High

CVE-2020-1457

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. Th…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2020-1425

A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. T…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-15593

SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other proces…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-15592

SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. It uses an executable running as a high privileged Windows service to perform administrative t…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2020-07-24
High

CVE-2020-10610

In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at W…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2020-8207

Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running.

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
2020-07-23
Medium

CVE-2020-7520

A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on th…

CVSS: 4.7 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
2020-07-17
High

CVE-2020-5131

SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. T…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2020-14039

In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Window…

CVSS: 5.3 CWE: CWE-295 - Improper Certificate Validation View on NVD
2020-07-15
High

CVE-2020-14628

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exp…

CVSS: 8.2 CWE: N/A View on NVD
2020-07-14
Medium

CVE-2020-1468

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2020-1463

An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory, aka 'Windows SharedStream Library Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1438

An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulne…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1437

An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory, aka 'Windows Network Location Awareness Service Elevation of P…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1436

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the vul…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2020-1435

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.

CVSS: 8.8 CWE: N/A View on NVD
Medium

CVE-2020-1434

An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory, aka 'Windows Sync Host Service Elevation of Privilege Vulnerability'.

CVSS: 5.3 CWE: N/A View on NVD
High

CVE-2020-1431

An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability,…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-1430

An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1429

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1428

An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulne…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1427

An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulne…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2020-1426

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2020-1424

An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1423

An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1422

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CV…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1421

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could ga…

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
Medium

CVE-2020-1420

An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the vic…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2020-1419

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique…

CVSS: 5.5 CWE: CWE-909 - Missing Initialization of Resource View on NVD
High

CVE-2020-1418

An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnosti…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1415

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CV…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1414

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CV…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1413

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CV…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1411

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique fro…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1410

A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files.To exploit the vulnerability, an attacker could send a malicious vcard that a victim open…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1408

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'.

CVSS: 8.8 CWE: CWE-346 - Origin Validation Error View on NVD
High

CVE-2020-1407

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is u…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1406

An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List Service Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2020-1405

An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Pri…

CVSS: 7.1 CWE: N/A View on NVD