Filtered by vendor Microsoft
Subscribe
Total
22322 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24425 | 3 Adobe, Apple, Microsoft | 3 Dreamweaver, Macos, Windows | 2024-11-21 | 7.2 HIGH | 7.5 HIGH |
| Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Successful exploitation could result in a local user with permissions to write to the file system running system commands with administrator privileges. | |||||
| CVE-2020-24424 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-24423 | 2 Adobe, Microsoft | 2 Media Encoder, Windows | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| Adobe Media Encoder version 14.4 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-24421 | 2 Adobe, Microsoft | 2 Indesign, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is required to exploit this issue. | |||||
| CVE-2020-24420 | 2 Adobe, Microsoft | 2 Photoshop, Windows | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected by an uncontrolled search path element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-24419 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| Adobe After Effects version 17.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-24418 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Adobe After Effects version 17.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .aepx file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit. | |||||
| CVE-2020-24415 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | |||||
| CVE-2020-24414 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | |||||
| CVE-2020-24413 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | |||||
| CVE-2020-24412 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | |||||
| CVE-2020-24411 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds write vulnerability when handling crafted PDF files. This could result in a write past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | |||||
| CVE-2020-24410 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. This could result in a read past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | |||||
| CVE-2020-24409 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. This could result in a read past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | |||||
| CVE-2020-24367 | 2 Bluestacks, Microsoft | 2 Bluestacks, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user. | |||||
| CVE-2020-24089 | 2 Iobit, Microsoft | 2 Malware Fighter, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
| An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS). | |||||
| CVE-2020-24088 | 2 Foxconn, Microsoft | 2 Live Update Utility, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| An issue was discovered in MmMapIoSpace routine in Foxconn Live Update Utility 2.1.6.26, allows local attackers to escalate privileges. | |||||
| CVE-2020-24003 | 1 Microsoft | 1 Skype | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access. | |||||
| CVE-2020-23315 | 1 Microsoft | 1 Chakracore | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta. | |||||
| CVE-2020-22722 | 2 Microsoft, Rapidscada | 2 Windows, Rapid Scada | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITY\SYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious service will be started as NT AUTHORITY\SYSTEM by giving the attacker full system access to the remote PC. | |||||