Filtered by vendor Microsoft
Subscribe
Total
21336 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-3726 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2020-3725 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2020-3724 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2020-3723 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2020-3722 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2020-3721 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2020-3720 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2020-3714 | 2 Adobe, Microsoft | 2 Illustrator Cc, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2020-3713 | 2 Adobe, Microsoft | 2 Illustrator Cc, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2020-3712 | 2 Adobe, Microsoft | 2 Illustrator Cc, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2020-3711 | 2 Adobe, Microsoft | 2 Illustrator Cc, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2020-3710 | 2 Adobe, Microsoft | 2 Illustrator Cc, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2020-3131 | 2 Cisco, Microsoft | 2 Webex Teams, Windows | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user's client to crash continuously. This vulnerability was introduced in Cisco Webex Teams client for Windows Release 3.0.13131. | |||||
CVE-2020-36639 | 2 Alliedmods, Microsoft | 2 Amx Mod X, Windows | 2024-11-21 | 4.7 MEDIUM | 4.3 MEDIUM |
A vulnerability has been found in AlliedModders AMX Mod X on Windows and classified as critical. This vulnerability affects the function cmdVoteMap of the file plugins/adminvote.sma of the component Console Command Handler. The manipulation of the argument amx_votemap leads to path traversal. The patch is identified as a5f2b5539f6d61050b68df8b22ebb343a2862681. It is recommended to apply a patch to fix this issue. VDB-217354 is the identifier assigned to this vulnerability. | |||||
CVE-2020-36605 | 3 Hitachi, Linux, Microsoft | 5 Infrastructure Analytics Advisor, Ops Center Analyzer, Ops Center Viewpoint and 2 more | 2024-11-21 | N/A | 6.6 MEDIUM |
Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00; Hitachi Ops Center Viewpoint: from 10.8.0-00 before 10.9.0-00. | |||||
CVE-2020-36327 | 3 Bundler, Fedoraproject, Microsoft | 3 Bundler, Fedora, Package Manager Configurations | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product. | |||||
CVE-2020-36233 | 2 Atlassian, Microsoft | 2 Bitbucket, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. | |||||
CVE-2020-36169 | 2 Microsoft, Veritas | 3 Windows, Netbackup, Opscenter | 2024-11-21 | 7.2 HIGH | 9.3 CRITICAL |
An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under the top level of any drive. If a low privileged user creates an affected path with a library that the Veritas product attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This vulnerability affects master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade and post-install during normal operations. | |||||
CVE-2020-36166 | 2 Microsoft, Veritas | 5 Windows, Infoscale, Infoscale Operations Manager and 2 more | 2024-11-21 | 7.2 HIGH | 9.3 CRITICAL |
An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (aka VIOM) Windows Management Server 7.x through 7.4.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to <drive>:\usr\local\ssl\openssl.cnf, where <drive> could be the default Windows installation drive such as C:\ or the drive where a Veritas product is installed. By default, on Windows systems, users can create directories under any top-level directory. A low privileged user can create a <drive>:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. | |||||
CVE-2020-36165 | 2 Microsoft, Veritas | 2 Windows, Desktop And Laptop Option | 2024-11-21 | 7.2 HIGH | 9.3 CRITICAL |
An issue was discovered in Veritas Desktop and Laptop Option (DLO) before 9.4. On start-up, it loads the OpenSSL library from /ReleaseX64/ssl. This library attempts to load the /ReleaseX64/ssl/openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:/ReleaseX64/ssl/openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This impacts DLO server and client installations. |