CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2020 (CVSS score >= 4)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
651 CVE-2020-2008 78 DoS Exec Code 2020-05-13 2020-05-14
9.0
None Remote Low ??? Complete Complete Complete
An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14.
652 CVE-2020-2007 78 Exec Code 2020-05-13 2020-05-19
9.0
None Remote Low ??? Complete Complete Complete
An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges. This issue affects: All PAN-OS 7.1 versions; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7.
653 CVE-2020-2006 787 Exec Code Overflow 2020-05-13 2020-05-14
9.0
None Remote Low ??? Complete Complete Complete
A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14.
654 CVE-2020-2005 79 XSS 2020-05-13 2020-05-18
4.3
None Remote Medium Not required None Partial None
A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; All versions of PAN-OS 8.0.
655 CVE-2020-2003 DoS 2020-05-13 2020-05-15
8.5
None Remote Low ??? None Complete Complete
An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions before 8.1.14; PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.1.
656 CVE-2020-2002 290 Bypass 2020-05-13 2020-05-19
6.8
None Remote Medium Not required Partial Partial Partial
An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All version of PAN-OS 8.0.
657 CVE-2020-2001 787 2020-05-13 2020-05-15
7.5
None Remote Low Not required Partial Partial Partial
An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interface to write attacker supplied file on the system and elevate privileges. This issue affects: All PAN-OS 7.1 Panorama and 8.0 Panorama versions; PAN-OS 8.1 versions earlier than 8.1.12 on Panorama; PAN-OS 9.0 versions earlier than 9.0.6 on Panorama.
658 CVE-2020-1998 863 Bypass 2020-05-13 2020-05-19
6.5
None Remote Low ??? Partial Partial Partial
An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and unintended resource access for the user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0.
659 CVE-2020-1997 601 2020-05-13 2020-05-18
5.8
None Remote Medium Not required Partial Partial None
An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.14.
660 CVE-2020-1996 862 2020-05-13 2020-05-18
5.0
None Remote Low Not required None Partial None
A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log file This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.9.
661 CVE-2020-1995 476 DoS 2020-05-13 2020-05-15
6.8
None Remote Low ??? None None Complete
A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue affects: PAN-OS 9.1 versions earlier than 9.1.2.
662 CVE-2020-1994 2020-05-13 2020-05-18
4.9
None Local Low Not required None Complete None
A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7.
663 CVE-2020-1993 384 2020-05-13 2020-05-15
5.5
None Remote Low ??? Partial Partial None
The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's session ID. This issue affects: All PAN-OS 7.1 and 8.0 versions; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.8.
664 CVE-2020-1961 74 Exec Code 2020-05-04 2020-05-07
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE) was discovered.
665 CVE-2020-1959 94 Exec Code 2020-05-04 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Apache Syncope uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, they support different types of interpolation, including Java EL expressions. Therefore, if an attacker can inject arbitrary data in the error message template being passed, they will be able to run arbitrary Java code.
666 CVE-2020-1956 78 Exec Code 2020-05-22 2020-07-15
9.0
None Remote Low ??? Complete Complete Complete
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.
667 CVE-2020-1955 269 2020-05-20 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to the long standing setting `require_valid_user`, which in turn requires that any and all requests to CouchDB will have to be made with valid credentials, effectively forbidding any anonymous requests. The new `require_valid_user_except_for_up` is an off-by-default setting that was meant to allow requiring valid credentials for all endpoints except for the `/_up` endpoint. However, the implementation of this made an error that lead to not enforcing credentials on any endpoint, when enabled. CouchDB versions 3.0.1[1] and 3.1.0[2] fix this issue.
668 CVE-2020-1941 79 XSS 2020-05-14 2021-07-20
4.3
None Remote Medium Not required None Partial None
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
669 CVE-2020-1939 476 2020-05-12 2020-05-19
5.1
None Remote High Not required Partial Partial Partial
The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps repository are affected only if they have enabled ftpd. Versions 6.15 to 8.2 are affected.
670 CVE-2020-1897 416 2020-05-18 2020-05-19
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific sequence. This issue affects versions of proxygen prior to v2020.05.18.00.
671 CVE-2020-1870 772 DoS 2020-05-29 2020-11-18
5.0
None Remote Low Not required None None Partial
There is a denial of service vulnerability in some Huawei products. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of operations to exploit this vulnerability. Successful exploit may cause a denial of service. Affected product versions include: CloudEngine 12800 versions V200R019C00SPC800; CloudEngine 5800 versions V200R019C00SPC800; CloudEngine 6800 versions V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versions V200R019C00SPC800; NE40E versions V800R011C00SPC200, V800R011C00SPC300, V800R011C10SPC100; NE40E-F versions V800R011C00SPC200, V800R011C10SPC100; NE40E-M versions V800R011C00SPC200, V800R011C10SPC100.
672 CVE-2020-1832 787 Exec Code Overflow 2020-05-29 2020-06-02
5.8
None Local Network Low Not required Partial Partial Partial
E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3.1(H563SP1C00) have a stack buffer overflow vulnerability. The program copies an input buffer to an output buffer without verification. An attacker in the adjacent network could send a crafted message, successful exploit could lead to stack buffer overflow which may cause malicious code execution.
673 CVE-2020-1808 125 2020-05-15 2020-07-27
5.8
None Remote Medium Not required Partial None Partial
Honor 20;HONOR 20 PRO;Honor Magic2;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;Honor View 20 smartphones with versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.176(C00E60R2P11);9.1.0.135(C00E133R2P1); versions earlier than 10.1.0.123(C431E22R3P5), versions earlier than 10.1.0.126(C636E5R3P4), versions earlier than 10.1.0.160(C00E160R2P11); versions earlier than 10.1.0.126(C185E8R5P1), versions earlier than 10.1.0.126(C636E9R2P4), versions earlier than 10.1.0.160(C00E160R2P8); versions earlier than 10.0.0.179(C636E3R4P3), versions earlier than 10.0.0.180(C185E3R3P3), versions earlier than 10.0.0.180(C432E10R3P4), versions earlier than 10.0.0.181(C675E5R1P2) have an out of bound read vulnerability. The software reads data past the end of the intended buffer. The attacker tricks the user into installing a crafted application, successful exploit may cause information disclosure or service abnormal.
674 CVE-2020-1799 416 Exec Code 2020-05-21 2020-05-21
5.4
None Local Network Medium Not required Partial Partial Partial
E6878-370 with versions of 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP1C00), 10.0.3.1(H563SP1C233) has a use after free vulnerability. The software references memory after it has been freed in certain scenario, the attacker does a series of crafted operations through web portal, successful exploit could cause a use after free condition which may lead to malicious code execution.
675 CVE-2020-1763 125 2020-05-12 2021-02-12
5.0
None Remote Low Not required None None Partial
An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.
676 CVE-2020-1758 295 2020-05-15 2020-05-19
4.3
None Remote Medium Not required Partial None None
A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.
677 CVE-2020-1732 20 2020-05-04 2020-05-08
4.9
None Remote Medium ??? Partial Partial None
A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.
678 CVE-2020-1724 613 2020-05-11 2022-04-25
4.0
None Remote Low ??? Partial None None
A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.
679 CVE-2020-1718 287 2020-05-12 2020-05-14
6.5
None Remote Low ??? Partial Partial Partial
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.
680 CVE-2020-1714 20 Exec Code 2020-05-13 2021-10-19
6.5
None Remote Low ??? Partial Partial Partial
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.
681 CVE-2020-1695 2020-05-19 2022-01-01
5.0
None Remote Low Not required None Partial None
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.
682 CVE-2020-1631 22 Dir. Trav. File Inclusion 2020-05-04 2020-05-08
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. Using this vulnerability, an attacker may be able to inject commands into the httpd.log, read files with 'world' readable permission file or obtain J-Web session tokens. In the case of command injection, as the HTTP service runs as user 'nobody', the impact of this command injection is limited. (CVSS score 5.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) In the case of reading files with 'world' readable permission, in Junos OS 19.3R1 and above, the unauthenticated attacker would be able to read the configuration file. (CVSS score 5.9, vector CVSS:3.1/ AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) If J-Web is enabled, the attacker could gain the same level of access of anyone actively logged into J-Web. If an administrator is logged in, the attacker could gain administrator access to J-Web. (CVSS score 8.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled. Junos OS devices with HTTP/HTTPS services disabled are not affected. If HTTP/HTTPS services are enabled, the following command will show the httpd processes: user@device> show system processes | match http 5260 - S 0:00.13 /usr/sbin/httpd-gk -N 5797 - I 0:00.10 /usr/sbin/httpd --config /jail/var/etc/httpd.conf To summarize: If HTTP/HTTPS services are disabled, there is no impact from this vulnerability. If HTTP/HTTPS services are enabled and J-Web is not in use, this vulnerability has a CVSS score of 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). If J-Web is enabled, this vulnerability has a CVSS score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Juniper SIRT has received a single report of this vulnerability being exploited in the wild. Out of an abundance of caution, we are notifying customers so they can take appropriate actions. Indicators of Compromise: The /var/log/httpd.log may have indicators that commands have injected or files being accessed. The device administrator can look for these indicators by searching for the string patterns "=*;*&" or "*%3b*&" in /var/log/httpd.log, using the following command: user@device> show log httpd.log | match "=*;*&|=*%3b*&" If this command returns any output, it might be an indication of malicious attempts or simply scanning activities. Rotated logs should also be reviewed, using the following command: user@device> show log httpd.log.0.gz | match "=*;*&|=*%3b*&" user@device> show log httpd.log.1.gz | match "=*;*&|=*%3b*&" Note that a skilled attacker would likely remove these entries from the local log file, thus effectively eliminating any reliable signature that the device had been attacked. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S16; 12.3X48 versions prior to 12.3X48-D101, 12.3X48-D105; 14.1X53 versions prior to 14.1X53-D54; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D211, 15.1X49-D220; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R3-S2 ; 18.4 version 18.4R2 and later versions; 19.1 versions prior to 19.1R1-S5, 19.1R3-S1; 19.1 version 19.1R2 and later versions; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2; 20.1 versions prior to 20.1R1-S1, 20.1R2.
683 CVE-2020-1195 269 2020-05-21 2021-07-21
4.3
None Remote Medium Not required None Partial None
An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability'.
684 CVE-2020-1192 Exec Code 2020-05-21 2021-12-01
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1171.
685 CVE-2020-1191 269 2020-05-21 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190.
686 CVE-2020-1190 269 2020-05-21 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1191.
687 CVE-2020-1189 269 2020-05-21 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1190, CVE-2020-1191.
688 CVE-2020-1188 269 2020-05-21 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191.
689 CVE-2020-1187 269 2020-05-21 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191.
690 CVE-2020-1186 269 2020-05-21 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191.
691 CVE-2020-1185 269 2020-05-21 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191.
692 CVE-2020-1184 269 2020-05-21 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191.
693 CVE-2020-1179 200 +Info 2020-05-21 2021-07-21
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0963, CVE-2020-1141, CVE-2020-1145.
694 CVE-2020-1176 119 Exec Code Overflow 2020-05-21 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1051, CVE-2020-1174, CVE-2020-1175.
695 CVE-2020-1175 119 Exec Code Overflow 2020-05-21 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1051, CVE-2020-1174, CVE-2020-1176.
696 CVE-2020-1174 119 Exec Code Overflow 2020-05-21 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1051, CVE-2020-1175, CVE-2020-1176.
697 CVE-2020-1171 Exec Code 2020-05-21 2021-12-01
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1192.
698 CVE-2020-1166 269 2020-05-21 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka 'Windows Clipboard Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1111, CVE-2020-1121, CVE-2020-1165.
699 CVE-2020-1165 269 2020-05-21 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka 'Windows Clipboard Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1111, CVE-2020-1121, CVE-2020-1166.
700 CVE-2020-1164 269 2020-05-21 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158.
Total number of vulnerabilities : 866   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 (This Page)15 16 17 18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.