Total
6504 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10515 | 2 Microsoft, Starface | 2 Windows, Unified Communication \& Collaboration Client | 2020-04-06 | 10.0 HIGH | 9.8 CRITICAL |
| STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting to execute code with System rights, aka usd-2020-0006. | |||||
| CVE-2020-8144 | 2 Microsoft, Ui | 2 Windows, Unifi Video | 2020-04-03 | 5.2 MEDIUM | 8.4 HIGH |
| The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware update information. If the version field contains ..\ character sequences, the destination file path to save the firmware can be manipulated to be outside the intended destination directory tree. Fixed in UniFi Video Controller v3.10.3 and newer. | |||||
| CVE-2020-10860 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2020-04-02 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Avast Antivirus before 20. An Arbitrary Memory Address Overwrite vulnerability in the aswAvLog Log Library results in Denial of Service of the Avast Service (AvastSvc.exe). | |||||
| CVE-2020-10865 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2020-04-02 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the Components section of the Stats.ini file via RPC from a Low Integrity process. | |||||
| CVE-2020-10866 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2020-04-02 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to enumerate the network interfaces and access points from a Low Integrity process via RPC. | |||||
| CVE-2020-10867 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2020-04-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to bypass intended access restrictions on tasks from an untrusted process, when Self Defense is enabled. | |||||
| CVE-2020-3808 | 2 Adobe, Microsoft | 2 Creative Cloud, Windows | 2020-03-27 | 5.8 MEDIUM | 5.9 MEDIUM |
| Creative Cloud Desktop Application versions 5.0 and earlier have a time-of-check to time-of-use (toctou) race condition vulnerability. Successful exploitation could lead to arbitrary file deletion. | |||||
| CVE-2020-9551 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2020-03-27 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Bridge versions 10.0 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9552 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2020-03-27 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Bridge versions 10.0 have a heap-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-10964 | 2 Microsoft, S9y | 2 Windows, Serendipity | 2020-03-27 | 7.5 HIGH | 9.8 CRITICAL |
| Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename. | |||||
| CVE-2019-4681 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Tivoli Netcool\/impact, Linux Kernel and 2 more | 2020-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171734. | |||||
| CVE-2020-9345 | 2 Microsoft, Signotec | 2 Windows, Signopad-api\/web | 2020-03-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the application doesn't limit the number of opened WebSocket sockets. If a victim visits an attacker-controlled website, this vulnerability can be exploited. | |||||
| CVE-2020-10659 | 2 Entrustdatacard, Microsoft | 2 Entelligence Security Provider, Windows | 2020-03-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows mishandles errors during SSL Certificate Validation, leading to situations where (for example) a user continues to interact with a web site that has an invalid certificate chain. | |||||
| CVE-2020-3951 | 2 Microsoft, Vmware | 3 Windows, Horizon Client, Workstation | 2020-03-24 | 2.1 LOW | 3.8 LOW |
| VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows (5.x and prior before 5.4.0) contain a denial-of-service vulnerability due to a heap-overflow issue in Cortado Thinprint. Attackers with non-administrative access to a guest VM with virtual printing enabled may exploit this issue to create a denial-of-service condition of the Thinprint service running on the system where Workstation or Horizon Client is installed. | |||||
| CVE-2020-8878 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2020-03-23 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9625. | |||||
| CVE-2020-8879 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2020-03-23 | 4.3 MEDIUM | 4.3 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9626. | |||||
| CVE-2020-8877 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2020-03-23 | 4.3 MEDIUM | 4.3 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9624. | |||||
| CVE-2020-8880 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2020-03-23 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9773. | |||||
| CVE-2020-8881 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2020-03-23 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9774. | |||||
| CVE-2020-8882 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2020-03-23 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the PSD files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9811. | |||||