CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1051 CVE-2020-1470 269 +Priv 2020-08-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Work Folders Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1484, CVE-2020-1516.
1052 CVE-2020-1467 269 2020-08-17 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'.
1053 CVE-2020-1466 20 DoS 2020-08-17 2021-07-21
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability'.
1054 CVE-2020-1464 347 2020-08-17 2020-08-21
2.1
None Local Low Not required None Partial None
A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows Spoofing Vulnerability'.
1055 CVE-2020-1459 200 +Info 2020-08-17 2021-07-21
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka "straight-line speculation, aka 'Windows ARM Information Disclosure Vulnerability'.
1056 CVE-2020-1455 20 DoS 2020-08-17 2021-07-21
2.1
None Local Low Not required None None Partial
A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files, aka 'Microsoft SQL Server Management Studio Denial of Service Vulnerability'.
1057 CVE-2020-1417 269 2020-08-17 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1486, CVE-2020-1566.
1058 CVE-2020-1383 200 +Info 2020-08-17 2021-07-21
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled, aka 'Windows RRAS Service Information Disclosure Vulnerability'.
1059 CVE-2020-1380 787 Exec Code Mem. Corr. 2020-08-17 2022-04-28
7.6
None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1555, CVE-2020-1570.
1060 CVE-2020-1379 119 Overflow Mem. Corr. 2020-08-17 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554.
1061 CVE-2020-1378 787 2020-08-17 2022-05-03
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka 'Windows Registry Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1377.
1062 CVE-2020-1377 2020-08-17 2022-05-03
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka 'Windows Registry Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1378.
1063 CVE-2020-1339 119 Exec Code Overflow 2020-08-17 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects, aka 'Windows Media Remote Code Execution Vulnerability'.
1064 CVE-2020-1337 269 2020-08-17 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'.
1065 CVE-2020-1182 20 Exec Code 2020-08-17 2021-07-21
6.0
None Remote Medium ??? Partial Partial Partial
A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11, aka 'Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability'.
1066 CVE-2020-1046 Exec Code 2020-08-17 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when Microsoft .NET Framework processes input, aka '.NET Framework Remote Code Execution Vulnerability'.
1067 CVE-2020-0604 Exec Code 2020-08-17 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'.
1068 CVE-2020-0559 732 2020-08-13 2022-04-28
4.6
None Local Low Not required Partial Partial Partial
Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi products on Windows* 7 and 8.1 before version 21.40.5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
1069 CVE-2020-0555 20 2020-08-13 2020-08-19
4.6
None Local Low Not required Partial Partial Partial
Improper input validation for some Intel(R) Wireless Bluetooth(R) products may allow an authenticated user to potentially enable escalation of privilege via local access.
1070 CVE-2020-0554 362 2020-08-13 2020-08-19
3.7
None Local High Not required Partial Partial Partial
Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allow an unprivileged user to potentially enable escalation of privilege via local access.
1071 CVE-2020-0553 125 2020-08-13 2020-08-19
2.1
None Local Low Not required Partial None None
Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bluetooth(R) products on Windows* 10, may allow a privileged user to potentially enable information disclosure via local access.
1072 CVE-2020-0513 787 2020-08-13 2020-08-19
4.6
None Local Low Not required Partial Partial Partial
Out of bounds write for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable escalation of privilege via local access.
1073 CVE-2020-0512 755 DoS 2020-08-13 2020-08-19
2.1
None Local Low Not required None None Partial
Uncaught exception in the system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access.
1074 CVE-2020-0510 125 2020-08-13 2020-08-19
4.6
None Local Low Not required Partial Partial Partial
Out of bounds read in some Intel(R) Graphics Drivers before versions 15.45.31.5127 and 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access.
1075 CVE-2020-0261 269 Bypass 2020-08-13 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
In C2 flame devices, there is a possible bypass of seccomp due to a missing configuration file. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146059841
1076 CVE-2020-0260 125 2020-08-11 2020-08-14
6.4
None Remote Low Not required Partial None Partial
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152225183
1077 CVE-2020-0259 269 2020-08-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
In android_verity_ctr of dm-android-verity.c, there is a possible way to modify a dm-verity protected filesystem due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157941353References: N/A
1078 CVE-2020-0258 459 2020-08-11 2022-05-03
4.9
None Local Low Not required Complete None None
In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. This could lead to local information disclosure in the application that is started next with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-157598956
1079 CVE-2020-0257 269 Bypass 2020-08-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a permissions bypass due to an incomplete cleanup. This could lead to local escalation of privilege in isolated processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-156741968
1080 CVE-2020-0256 787 2020-08-11 2021-02-11
7.2
None Local Low Not required Complete Complete Complete
In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-152874864
1081 CVE-2020-0254 125 2020-08-11 2020-08-12
7.8
None Remote Low Not required Complete None None
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647751
1082 CVE-2020-0253 416 Mem. Corr. 2020-08-11 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152647365
1083 CVE-2020-0252 416 Mem. Corr. 2020-08-11 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152236803
1084 CVE-2020-0251 125 2020-08-11 2020-08-12
7.8
None Remote Low Not required Complete None None
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647626
1085 CVE-2020-0250 200 +Info 2020-08-11 2021-07-21
4.9
None Local Low Not required Complete None None
In requestCellInfoUpdateInternal of PhoneInterfaceManager.java, there is a missing permission check. This could lead to local information disclosure of location data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-154934934
1086 CVE-2020-0249 200 Bypass +Info 2020-08-11 2021-07-21
4.9
None Local Low Not required Complete None None
In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-154719656
1087 CVE-2020-0248 200 Bypass +Info 2020-08-11 2021-07-21
4.9
None Local Low Not required Complete None None
In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-154627439
1088 CVE-2020-0247 835 DoS 2020-08-11 2021-07-21
4.9
None Local Low Not required None None Complete
In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1Android ID: A-156087409
1089 CVE-2020-0243 416 2020-08-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-8.0 Android-8.1Android ID: A-151644303
1090 CVE-2020-0242 416 2020-08-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151643722
1091 CVE-2020-0241 415 Mem. Corr. 2020-08-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151456667
1092 CVE-2020-0240 787 Exec Code Overflow 2020-08-11 2020-08-12
9.3
None Remote Medium Not required Complete Complete Complete
In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150706594
1093 CVE-2020-0239 200 Bypass +Info 2020-08-11 2021-07-21
4.9
None Local Low Not required Complete None None
In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. This could lead to local information disclosure from a file (eg. a photo) containing location metadata with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-151095863
1094 CVE-2020-0238 367 2020-08-11 2020-08-12
6.9
None Local Medium Not required Complete Complete Complete
In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. This could lead to local escalation of privilege and launching privileged activities with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-150946634
1095 CVE-2020-0108 269 Bypass 2020-08-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-140108616
1096 CVE-2019-20383 59 2020-08-13 2020-08-19
4.6
None Local Low Not required Partial Partial Partial
ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links.
1097 CVE-2019-20152 79 XSS 2020-08-20 2020-08-24
4.3
None Remote Medium Not required None Partial None
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow field. As a result, the payload is executed via the navigation bar throughout the application.
1098 CVE-2019-20151 79 XSS 2020-08-20 2020-08-24
4.3
None Remote Medium Not required None Partial None
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrator(s). A malicious payload can be injected within the Multi Approval security component and inserted via the Note field. As a result, the payload is executed by the application's administrator(s).
1099 CVE-2019-20150 522 2020-08-20 2021-07-21
4.0
None Remote Low ??? Partial None None
In TreasuryXpress 19191105, a logged-in user can discover saved credentials, even though the UI hides them. Using functionality within the application and a malicious host, it is possible to force the application to expose saved SSH/SFTP credentials. This can be done by using the application's editor to change the expected SFTP Host IP to a malicious host, and then using the Check Connectivity option. The application then sends these saved credentials to the malicious host.
1100 CVE-2019-20001 269 2020-08-04 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges.
Total number of vulnerabilities : 1155   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 (This Page)23 24
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.