Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 21331 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-24415 2 Adobe, Microsoft 2 Illustrator, Windows 2024-11-21 6.8 MEDIUM 7.8 HIGH
Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.
CVE-2020-24414 2 Adobe, Microsoft 2 Illustrator, Windows 2024-11-21 6.8 MEDIUM 7.8 HIGH
Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.
CVE-2020-24413 2 Adobe, Microsoft 2 Illustrator, Windows 2024-11-21 6.8 MEDIUM 7.8 HIGH
Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.
CVE-2020-24412 2 Adobe, Microsoft 2 Illustrator, Windows 2024-11-21 6.8 MEDIUM 7.8 HIGH
Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.
CVE-2020-24411 2 Adobe, Microsoft 2 Illustrator, Windows 2024-11-21 6.8 MEDIUM 7.8 HIGH
Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds write vulnerability when handling crafted PDF files. This could result in a write past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.
CVE-2020-24410 2 Adobe, Microsoft 2 Illustrator, Windows 2024-11-21 6.8 MEDIUM 7.8 HIGH
Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. This could result in a read past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.
CVE-2020-24409 2 Adobe, Microsoft 2 Illustrator, Windows 2024-11-21 6.8 MEDIUM 7.8 HIGH
Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. This could result in a read past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.
CVE-2020-24367 2 Bluestacks, Microsoft 2 Bluestacks, Windows 2024-11-21 4.6 MEDIUM 7.8 HIGH
Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user.
CVE-2020-24089 2 Iobit, Microsoft 2 Malware Fighter, Windows 2024-11-21 N/A 5.5 MEDIUM
An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS).
CVE-2020-24088 2 Foxconn, Microsoft 2 Live Update Utility, Windows 2024-11-21 N/A 7.8 HIGH
An issue was discovered in MmMapIoSpace routine in Foxconn Live Update Utility 2.1.6.26, allows local attackers to escalate privileges.
CVE-2020-24003 1 Microsoft 1 Skype 2024-11-21 2.1 LOW 3.3 LOW
Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access.
CVE-2020-23315 1 Microsoft 1 Chakracore 2024-11-21 5.0 MEDIUM 7.5 HIGH
There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta.
CVE-2020-22722 2 Microsoft, Rapidscada 2 Windows, Rapid Scada 2024-11-21 7.2 HIGH 7.8 HIGH
Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITY\SYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious service will be started as NT AUTHORITY\SYSTEM by giving the attacker full system access to the remote PC.
CVE-2020-20950 5 Apple, Ietf, Linux and 2 more 5 Macos, Public Key Cryptography Standards \#1, Linux Kernel and 2 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.
CVE-2020-20907 2 Metinfo, Microsoft 2 Metinfo, Windows 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/language_general.class.php and app/system/include/function/file.func.php.
CVE-2020-1991 2 Microsoft, Paloaltonetworks 2 Windows, Traps 2024-11-21 3.6 LOW 7.8 HIGH
An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows. This issue does not affect Cortex XDR 7.0. This issue does not affect Traps for Linux or MacOS.
CVE-2020-1986 2 Microsoft, Paloaltonetworks 2 Windows, Secdo 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
Improper input validation vulnerability in Secdo allows an authenticated local user with 'create folders or append data' access to the root of the OS disk (C:\) to cause a system crash on every login. This issue affects all versions Secdo for Windows.
CVE-2020-1985 2 Microsoft, Paloaltonetworks 2 Windows, Secdo 2024-11-21 4.6 MEDIUM 7.8 HIGH
Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions Secdo for Windows.
CVE-2020-1984 2 Microsoft, Paloaltonetworks 2 Windows, Secdo 2024-11-21 7.2 HIGH 7.8 HIGH
Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo for Windows.
CVE-2020-1599 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-11-21 2.1 LOW 5.5 MEDIUM
Windows Spoofing Vulnerability