Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 21337 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-7286 2 Mcafee, Microsoft 2 Endpoint Detection And Response, Windows 2024-11-21 4.6 MEDIUM 7.8 HIGH
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
CVE-2020-7252 2 Mcafee, Microsoft 2 Data Exchange Layer, Windows 2024-11-21 1.9 LOW 4.2 MEDIUM
Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.
CVE-2020-7211 3 Libslirp Project, Microsoft, Qemu 3 Libslirp, Windows, Qemu 2024-11-21 5.0 MEDIUM 7.5 HIGH
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.
CVE-2020-7140 3 Hp, Microsoft, Redhat 4 Icewall Sso Dfw, Icewall Sso Dgfw, Windows and 1 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to cause a remote cross-site scripting (XSS). HPE has provided the following information to resolve this vulnerability in HPE IceWall SSO DFW and Dgfw: https://www.hpe.com/jp/icewall_patchaccess
CVE-2020-7061 3 Microsoft, Php, Tenable 3 Windows, Php, Tenable.sc 2024-11-21 6.4 MEDIUM 6.5 MEDIUM
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
CVE-2020-6938 3 Linux, Microsoft, Tableau 3 Linux Kernel, Windows, Tableau Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive information in log files.
CVE-2020-6799 2 Microsoft, Mozilla 3 Windows, Firefox, Firefox Esr 2024-11-21 5.1 MEDIUM 8.8 HIGH
Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL data. In that situation, clicking a link in the third party application could have been used to retrieve and execute files whose location was supplied through command line arguments. Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected. This vulnerability affects Firefox < 73 and Firefox < ESR68.5.
CVE-2020-6567 5 Debian, Fedoraproject, Google and 2 more 6 Debian Linux, Fedora, Chrome and 3 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVE-2020-5992 2 Microsoft, Nvidia 2 Windows, Geforce Now 2024-11-21 4.4 MEDIUM 7.8 HIGH
NVIDIA GeForce NOW application software on Windows, all versions prior to 2.0.25.119, contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or escalation of privileges.
CVE-2020-5991 2 Microsoft, Nvidia 2 Windows, Cuda Toolkit 2024-11-21 4.6 MEDIUM 7.8 HIGH
NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.
CVE-2020-5976 4 Apple, Google, Microsoft and 1 more 6 Macos, Android, Android Tv and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and versions prior to 5.31 (Android, Shield TV), contains a vulnerability in the application software where the network test component transmits sensitive information insecurely, which may lead to information disclosure.
CVE-2020-5975 3 Apple, Microsoft, Nvidia 3 Macos, Windows, Geforce Now 2024-11-21 5.0 MEDIUM 7.5 HIGH
NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may lead to information disclosure.
CVE-2020-5964 2 Microsoft, Nvidia 10 Windows, Geforce, Geforce Experience and 7 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure.
CVE-2020-5958 2 Microsoft, Nvidia 6 Windows, Geforce Experience, Quadro and 3 more 2024-11-21 4.4 MEDIUM 7.8 HIGH
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure.
CVE-2020-5957 2 Microsoft, Nvidia 6 Windows, Geforce Experience, Quadro and 3 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.
CVE-2020-5855 2 F5, Microsoft 3 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client, Windows 2024-11-21 4.6 MEDIUM 4.3 MEDIUM
When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user.
CVE-2020-5794 2 Microsoft, Tenable 2 Windows, Nessus Network Monitor 2024-11-21 4.6 MEDIUM 7.8 HIGH
A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability.
CVE-2020-5793 2 Microsoft, Tenable 3 Windows, Nessus, Nessus Agent 2024-11-21 7.2 HIGH 7.8 HIGH
A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability.
CVE-2020-5740 2 Microsoft, Plex 2 Windows, Media Server 2024-11-21 7.2 HIGH 7.8 HIGH
Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges.
CVE-2020-5674 2 Epson, Microsoft 37 Album Print, Color Calibration Utility, Colorbase and 34 more 2024-11-21 4.4 MEDIUM 7.8 HIGH
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.