| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1051 |
CVE-2020-1470 |
269 |
|
+Priv |
2020-08-17 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Work Folders Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1484, CVE-2020-1516. |
|
1052 |
CVE-2020-1467 |
269 |
|
|
2020-08-17 |
2021-07-21 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'. |
|
1053 |
CVE-2020-1466 |
20 |
|
DoS |
2020-08-17 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability'. |
|
1054 |
CVE-2020-1464 |
347 |
|
|
2020-08-17 |
2020-08-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows Spoofing Vulnerability'. |
|
1055 |
CVE-2020-1459 |
200 |
|
+Info |
2020-08-17 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka "straight-line speculation, aka 'Windows ARM Information Disclosure Vulnerability'. |
|
1056 |
CVE-2020-1455 |
20 |
|
DoS |
2020-08-17 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files, aka 'Microsoft SQL Server Management Studio Denial of Service Vulnerability'. |
|
1057 |
CVE-2020-1417 |
269 |
|
|
2020-08-17 |
2021-07-21 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1486, CVE-2020-1566. |
|
1058 |
CVE-2020-1383 |
200 |
|
+Info |
2020-08-17 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled, aka 'Windows RRAS Service Information Disclosure Vulnerability'. |
|
1059 |
CVE-2020-1380 |
787 |
|
Exec Code Mem. Corr. |
2020-08-17 |
2022-04-28 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1555, CVE-2020-1570. |
|
1060 |
CVE-2020-1379 |
119 |
|
Overflow Mem. Corr. |
2020-08-17 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554. |
|
1061 |
CVE-2020-1378 |
787 |
|
|
2020-08-17 |
2022-05-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka 'Windows Registry Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1377. |
|
1062 |
CVE-2020-1377 |
|
|
|
2020-08-17 |
2022-05-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka 'Windows Registry Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1378. |
|
1063 |
CVE-2020-1339 |
119 |
|
Exec Code Overflow |
2020-08-17 |
2021-07-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects, aka 'Windows Media Remote Code Execution Vulnerability'. |
|
1064 |
CVE-2020-1337 |
269 |
|
|
2020-08-17 |
2021-07-21 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. |
|
1065 |
CVE-2020-1182 |
20 |
|
Exec Code |
2020-08-17 |
2021-07-21 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11, aka 'Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability'. |
|
1066 |
CVE-2020-1046 |
|
|
Exec Code |
2020-08-17 |
2020-08-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists when Microsoft .NET Framework processes input, aka '.NET Framework Remote Code Execution Vulnerability'. |
|
1067 |
CVE-2020-0604 |
|
|
Exec Code |
2020-08-17 |
2020-08-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'. |
|
1068 |
CVE-2020-0559 |
732 |
|
|
2020-08-13 |
2022-04-28 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi products on Windows* 7 and 8.1 before version 21.40.5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
1069 |
CVE-2020-0555 |
20 |
|
|
2020-08-13 |
2020-08-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper input validation for some Intel(R) Wireless Bluetooth(R) products may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
1070 |
CVE-2020-0554 |
362 |
|
|
2020-08-13 |
2020-08-19 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allow an unprivileged user to potentially enable escalation of privilege via local access. |
|
1071 |
CVE-2020-0553 |
125 |
|
|
2020-08-13 |
2020-08-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bluetooth(R) products on Windows* 10, may allow a privileged user to potentially enable information disclosure via local access. |
|
1072 |
CVE-2020-0513 |
787 |
|
|
2020-08-13 |
2020-08-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Out of bounds write for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
1073 |
CVE-2020-0512 |
755 |
|
DoS |
2020-08-13 |
2020-08-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Uncaught exception in the system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access. |
|
1074 |
CVE-2020-0510 |
125 |
|
|
2020-08-13 |
2020-08-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Out of bounds read in some Intel(R) Graphics Drivers before versions 15.45.31.5127 and 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
1075 |
CVE-2020-0261 |
269 |
|
Bypass |
2020-08-13 |
2021-07-21 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In C2 flame devices, there is a possible bypass of seccomp due to a missing configuration file. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146059841 |
|
1076 |
CVE-2020-0260 |
125 |
|
|
2020-08-11 |
2020-08-14 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152225183 |
|
1077 |
CVE-2020-0259 |
269 |
|
|
2020-08-11 |
2021-07-21 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In android_verity_ctr of dm-android-verity.c, there is a possible way to modify a dm-verity protected filesystem due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157941353References: N/A |
|
1078 |
CVE-2020-0258 |
459 |
|
|
2020-08-11 |
2022-05-03 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. This could lead to local information disclosure in the application that is started next with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-157598956 |
|
1079 |
CVE-2020-0257 |
269 |
|
Bypass |
2020-08-11 |
2021-07-21 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a permissions bypass due to an incomplete cleanup. This could lead to local escalation of privilege in isolated processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-156741968 |
|
1080 |
CVE-2020-0256 |
787 |
|
|
2020-08-11 |
2021-02-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-152874864 |
|
1081 |
CVE-2020-0254 |
125 |
|
|
2020-08-11 |
2020-08-12 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647751 |
|
1082 |
CVE-2020-0253 |
416 |
|
Mem. Corr. |
2020-08-11 |
2021-07-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152647365 |
|
1083 |
CVE-2020-0252 |
416 |
|
Mem. Corr. |
2020-08-11 |
2021-07-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152236803 |
|
1084 |
CVE-2020-0251 |
125 |
|
|
2020-08-11 |
2020-08-12 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647626 |
|
1085 |
CVE-2020-0250 |
200 |
|
+Info |
2020-08-11 |
2021-07-21 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
In requestCellInfoUpdateInternal of PhoneInterfaceManager.java, there is a missing permission check. This could lead to local information disclosure of location data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-154934934 |
|
1086 |
CVE-2020-0249 |
200 |
|
Bypass +Info |
2020-08-11 |
2021-07-21 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-154719656 |
|
1087 |
CVE-2020-0248 |
200 |
|
Bypass +Info |
2020-08-11 |
2021-07-21 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-154627439 |
|
1088 |
CVE-2020-0247 |
835 |
|
DoS |
2020-08-11 |
2021-07-21 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1Android ID: A-156087409 |
|
1089 |
CVE-2020-0243 |
416 |
|
|
2020-08-11 |
2021-07-21 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-8.0 Android-8.1Android ID: A-151644303 |
|
1090 |
CVE-2020-0242 |
416 |
|
|
2020-08-11 |
2021-07-21 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151643722 |
|
1091 |
CVE-2020-0241 |
415 |
|
Mem. Corr. |
2020-08-11 |
2021-07-21 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151456667 |
|
1092 |
CVE-2020-0240 |
787 |
|
Exec Code Overflow |
2020-08-11 |
2020-08-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150706594 |
|
1093 |
CVE-2020-0239 |
200 |
|
Bypass +Info |
2020-08-11 |
2021-07-21 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. This could lead to local information disclosure from a file (eg. a photo) containing location metadata with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-151095863 |
|
1094 |
CVE-2020-0238 |
367 |
|
|
2020-08-11 |
2020-08-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. This could lead to local escalation of privilege and launching privileged activities with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-150946634 |
|
1095 |
CVE-2020-0108 |
269 |
|
Bypass |
2020-08-11 |
2021-07-21 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-140108616 |
|
1096 |
CVE-2019-20383 |
59 |
|
|
2020-08-13 |
2020-08-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links. |
|
1097 |
CVE-2019-20152 |
79 |
|
XSS |
2020-08-20 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow field. As a result, the payload is executed via the navigation bar throughout the application. |
|
1098 |
CVE-2019-20151 |
79 |
|
XSS |
2020-08-20 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrator(s). A malicious payload can be injected within the Multi Approval security component and inserted via the Note field. As a result, the payload is executed by the application's administrator(s). |
|
1099 |
CVE-2019-20150 |
522 |
|
|
2020-08-20 |
2021-07-21 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
In TreasuryXpress 19191105, a logged-in user can discover saved credentials, even though the UI hides them. Using functionality within the application and a malicious host, it is possible to force the application to expose saved SSH/SFTP credentials. This can be done by using the application's editor to change the expected SFTP Host IP to a malicious host, and then using the Check Connectivity option. The application then sends these saved credentials to the malicious host. |
|
1100 |
CVE-2019-20001 |
269 |
|
|
2020-08-04 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges. |
