Filtered by vendor Microsoft
Subscribe
Total
17397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18568 | 2 Avira, Microsoft | 2 Free Antivirus, Windows | 2020-10-22 | 7.2 HIGH | 8.8 HIGH |
| Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user. | |||||
| CVE-2019-8454 | 2 Checkpoint, Microsoft | 2 Endpoint Security, Windows | 2020-10-22 | 6.9 MEDIUM | 7.0 HIGH |
| A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system. | |||||
| CVE-2020-16897 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-10-22 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory, aka 'NetBT Information Disclosure Vulnerability'. | |||||
| CVE-2020-17003 | 1 Microsoft | 1 3d Viewer | 2020-10-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.An attacker who successfully exploited the vulnerability would gain execution on a victim system.The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory., aka 'Base3D Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16918. | |||||
| CVE-2020-16918 | 1 Microsoft | 2 365 Apps, 3d Viewer | 2020-10-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.An attacker who successfully exploited the vulnerability would gain execution on a victim system.The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory., aka 'Base3D Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17003. | |||||
| CVE-2020-16969 | 1 Microsoft | 1 Exchange Server | 2020-10-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages, aka 'Microsoft Exchange Information Disclosure Vulnerability'. | |||||
| CVE-2020-16886 | 1 Microsoft | 1 Powershellget | 2020-10-21 | 7.2 HIGH | 6.7 MEDIUM |
| A security feature bypass vulnerability exists in the PowerShellGet V2 module, aka 'PowerShellGet Module WDAC Security Feature Bypass Vulnerability'. | |||||
| CVE-2020-16940 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-10-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points, aka 'Windows - User Profile Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-16949 | 1 Microsoft | 11 365 Apps, Office, Outlook and 8 more | 2020-10-21 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Denial of Service Vulnerability'. | |||||
| CVE-2020-16951 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-10-21 | 6.8 MEDIUM | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16952. | |||||
| CVE-2020-16952 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-10-21 | 6.8 MEDIUM | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16951. | |||||
| CVE-2020-16910 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-10-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location.To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows.The security update addresses the vulnerability by correcting security feature behavior to enforce permissions., aka 'Windows Security Feature Bypass Vulnerability'. | |||||
| CVE-2020-16863 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2020-10-21 | 7.8 HIGH | 7.5 HIGH |
| A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Service Denial of Service Vulnerability'. | |||||
| CVE-2020-1243 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-10-21 | 4.6 MEDIUM | 7.8 HIGH |
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka 'Windows Hyper-V Denial of Service Vulnerability'. | |||||
| CVE-2016-4800 | 2 Eclipse, Microsoft | 2 Jetty, Windows | 2020-10-20 | 7.5 HIGH | 9.8 CRITICAL |
| The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes. | |||||
| CVE-2020-16901 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2020-10-20 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16938. | |||||
| CVE-2020-16938 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2020-10-20 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16901. | |||||
| CVE-2020-16957 | 1 Microsoft | 2 365 Apps, Office | 2020-10-20 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. | |||||
| CVE-2020-16948 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-10-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16950, CVE-2020-16953. | |||||
| CVE-2020-16977 | 1 Microsoft | 1 Visual Studio Code | 2020-10-20 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. | |||||