Vulnerabilities (CVE)

Filtered by vendor Microsoft
Total 21883 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15601 2 Microsoft, Trendmicro 3 Windows, Deep Security Manager, Vulnerability Protection 2024-11-21 5.1 MEDIUM 8.1 HIGH
If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability.
CVE-2020-15593 2 Microsoft, Riverbed 2 Windows, Steelcentral Aternity Agent 2024-11-21 7.2 HIGH 7.8 HIGH
SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. Any user in the system is allowed to access the interprocess communication channel AternityAgentAssistantIpc, retrieve a serialized object and call object methods remotely. Among others, the methods allow any user to: (1) Create and/or overwrite arbitrary XML files across the system; (2) Create arbitrary directories across the system; and (3) Load arbitrary plugins (i.e., C# assemblies) from the "%PROGRAMFILES(X86)/Aternity Information Systems/Assistant/plugins" directory and execute code contained in them.
CVE-2020-15592 2 Microsoft, Riverbed 2 Windows, Steelcentral Aternity Agent 2024-11-21 5.0 MEDIUM 7.5 HIGH
SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. The remotely callable methods from remotable objects available through interprocess communication allow loading of arbitrary plugins (i.e., C# assemblies) from the "%PROGRAMFILES(X86)%/Aternity Information Systems/Assistant/plugins" directory, where the name of the plugin is passed as part of an XML-serialized object. However, because the name of the DLL is concatenated with the ".\plugins" string, a directory traversal vulnerability exists in the way plugins are resolved.
CVE-2020-15523 3 Microsoft, Netapp, Python 3 Windows, Snapcenter, Python 2024-11-21 6.9 MEDIUM 7.8 HIGH
In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.
CVE-2020-15351 2 Idrive, Microsoft 2 Idrive, Windows 2024-11-21 7.2 HIGH 7.8 HIGH
IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%\IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITY\Authenticated Users:(OI)(CI)(M)) to the contents of the directory and its sub-folders. In addition, the program installs a service called IDriveService that runs as LocalSystem. Thus, any standard user can escalate privileges to NT AUTHORITY\SYSTEM by substituting the service's binary with a malicious one.
CVE-2020-15261 2 Microsoft, Veyon 2 Windows, Veyon 2024-11-21 7.2 HIGH 8.0 HIGH
On Windows, the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in setups that are already unsafe. The problem has been fixed in version 4.4.2. As a workaround, exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.
CVE-2020-15138 3 Apple, Microsoft, Prismjs 3 Safari, Internet Explorer, Previewers 2024-11-21 2.6 LOW 7.1 HIGH
Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin (>=v1.10.0) or the _Previewer: Easing_ plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To work around the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround.
CVE-2020-14999 2 Acronis, Microsoft 2 Agent, Windows 2024-11-21 5.0 MEDIUM 7.5 HIGH
A logic bug in the system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed bypassing Windows memory protection and accessing sensitive data.
CVE-2020-13938 4 Apache, Mcafee, Microsoft and 1 more 4 Http Server, Epolicy Orchestrator, Windows and 1 more 2024-11-21 2.1 LOW 5.5 MEDIUM
In Apache HTTP Server versions 2.4.0 to 2.4.46, unprivileged local users can stop httpd on Windows.
CVE-2020-13872 2 Microsoft, Royalapps 2 Windows, Royal Ts 2024-11-21 3.3 LOW 8.8 HIGH
Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach.
CVE-2020-13699 2 Microsoft, Teamviewer 2 Windows, Teamviewer 2024-11-21 6.8 MEDIUM 8.8 HIGH
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking. This affects teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
CVE-2020-13417 4 Apple, Aviatrix, Linux and 1 more 6 Macos, Controller, Gateway and 3 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters.
CVE-2020-12987 2 Amd, Microsoft 3 Radeon Pro Software, Radeon Software, Windows 10 2024-11-21 2.1 LOW 5.5 MEDIUM
A heap information leak/kernel pool address disclosure vulnerability in the AMD Graphics Driver for Windows 10 may lead to KASLR bypass.
CVE-2020-12986 2 Amd, Microsoft 3 Radeon Pro Software, Radeon Software, Windows 10 2024-11-21 7.2 HIGH 7.8 HIGH
An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may cause arbitrary code execution in the kernel, leading to escalation of privilege or denial of service.
CVE-2020-12985 2 Amd, Microsoft 3 Radeon Pro Software, Radeon Software, Windows 10 2024-11-21 4.6 MEDIUM 7.8 HIGH
An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.
CVE-2020-12983 2 Amd, Microsoft 3 Radeon Pro Software, Radeon Software, Windows 10 2024-11-21 4.6 MEDIUM 7.8 HIGH
An out of bounds write vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privileges or denial of service.
CVE-2020-12982 2 Amd, Microsoft 3 Radeon Pro Software, Radeon Software, Windows 10 2024-11-21 4.6 MEDIUM 7.8 HIGH
An invalid object pointer free vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.
CVE-2020-12981 2 Amd, Microsoft 3 Radeon Pro Software, Radeon Software, Windows 10 2024-11-21 7.2 HIGH 7.8 HIGH
An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service.
CVE-2020-12980 2 Amd, Microsoft 3 Radeon Pro Software, Radeon Software, Windows 10 2024-11-21 4.6 MEDIUM 7.8 HIGH
An out of bounds write and read vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.
CVE-2020-12963 2 Amd, Microsoft 2 Radeon Software, Windows 10 2024-11-21 7.2 HIGH 7.8 HIGH
An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system.