Filtered by vendor Microsoft
Subscribe
Total
21354 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-12897 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 may lead to KASLR bypass. | |||||
CVE-2020-12895 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service. | |||||
CVE-2020-12894 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service. | |||||
CVE-2020-12893 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service. | |||||
CVE-2020-12892 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution. | |||||
CVE-2020-12876 | 2 Microsoft, Veritas | 2 Windows, Aptare | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Veritas APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server. This vulnerability only impacts Windows server deployments. | |||||
CVE-2020-12772 | 2 Igniterealtime, Microsoft | 2 Spark, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the (NT)LM hashes of the user are sent with the HTTP request. This allows an attacker to collect these hashes, crack them, and potentially compromise the computer. (ROAR can be configured for automatic access. Also, access can occur if the user clicks.) | |||||
CVE-2020-12695 | 21 Asus, Broadcom, Canon and 18 more | 217 Rt-n11, Adsl, Selphy Cp1200 and 214 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | |||||
CVE-2020-12651 | 4 Apple, Linux, Microsoft and 1 more | 5 Iphone Os, Macos, Linux Kernel and 2 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX. | |||||
CVE-2020-12427 | 3 Apple, Microsoft, Westerndigital | 3 Macos, Windows, Wd Discovery | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space. | |||||
CVE-2020-12423 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* This vulnerability affects Firefox < 78. | |||||
CVE-2020-12393 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | |||||
CVE-2020-12389 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. | |||||
CVE-2020-12388 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. | |||||
CVE-2020-12306 | 2 Intel, Microsoft | 2 Realsense D400 Series Dynamic Calibration Tool, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Incorrect default permissions in the Intel(R) RealSense(TM) D400 Series Dynamic Calibration Tool before version 2.11, may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-12304 | 2 Intel, Microsoft | 2 Dynamic Application Loader Software Developement Kit, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Improper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows may allow an authenticated user to potentially enable escalation of privileges via local access. | |||||
CVE-2020-12248 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled. | |||||
CVE-2020-12247 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two parts. A crash may also occur. | |||||
CVE-2020-11694 | 2 Jetbrains, Microsoft | 2 Pycharm, Windows | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3. | |||||
CVE-2020-11583 | 2 Microsoft, Plesk | 2 Windows, Obsidian | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. |