CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1301 CVE-2020-1349 119 Exec Code Overflow 2020-07-14 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.
1302 CVE-2020-1347 269 2020-07-14 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka 'Windows Storage Services Elevation of Privilege Vulnerability'.
1303 CVE-2020-1346 269 2020-07-14 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations, aka 'Windows Modules Installer Elevation of Privilege Vulnerability'.
1304 CVE-2020-1344 269 2020-07-14 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1362, CVE-2020-1369.
1305 CVE-2020-1342 908 2020-07-14 2021-07-21
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445.
1306 CVE-2020-1336 269 2020-07-14 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1411.
1307 CVE-2020-1333 269 2020-07-14 2021-07-21
3.7
None Local High Not required Partial Partial Partial
An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points, aka 'Group Policy Services Policy Processing Elevation of Privilege Vulnerability'.
1308 CVE-2020-1330 200 +Info 2020-07-14 2021-07-21
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability'.
1309 CVE-2020-1326 79 XSS 2020-07-14 2020-07-15
3.5
None Remote Medium ??? None Partial None
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
1310 CVE-2020-1267 20 DoS 2020-07-14 2021-07-21
4.0
None Remote Low ??? None None Partial
This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'.
1311 CVE-2020-1249 269 2020-07-14 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422.
1312 CVE-2020-1240 119 Exec Code Overflow 2020-07-14 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
1313 CVE-2020-1147 Exec Code 2020-07-14 2022-04-01
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
1314 CVE-2020-1085 269 2020-07-14 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'.
1315 CVE-2020-1043 20 Exec Code 2020-07-14 2020-07-21
7.7
None Local Network Low ??? Complete Complete Complete
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042.
1316 CVE-2020-1042 20 Exec Code 2020-07-14 2020-07-21
7.7
None Local Network Low ??? Complete Complete Complete
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1043.
1317 CVE-2020-1041 20 Exec Code 2020-07-14 2020-07-21
7.7
None Local Network Low ??? Complete Complete Complete
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1042, CVE-2020-1043.
1318 CVE-2020-1040 20 Exec Code 2020-07-14 2020-07-21
7.7
None Local Network Low ??? Complete Complete Complete
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043.
1319 CVE-2020-1036 20 Exec Code 2020-07-14 2020-07-21
7.7
None Local Network Low ??? Complete Complete Complete
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043.
1320 CVE-2020-1032 20 Exec Code 2020-07-14 2020-07-21
7.7
None Local Network Low ??? Complete Complete Complete
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043.
1321 CVE-2020-1025 269 2020-07-14 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation, aka 'Microsoft Office Elevation of Privilege Vulnerability'.
1322 CVE-2020-0305 362 2020-07-17 2020-08-21
4.4
None Local Medium Not required Partial Partial Partial
In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744
1323 CVE-2020-0231 787 2020-07-17 2020-07-21
7.5
None Remote Low Not required Partial Partial Partial
There is a possible out of bounds write due to an incorrect bounds check. Product: AndroidVersions: Android SoCAndroid ID: A-156333727
1324 CVE-2020-0230 787 2020-07-17 2020-07-21
7.5
None Remote Low Not required Partial Partial Partial
There is a possible out of bounds write due to an incorrect bounds check. Product: AndroidVersions: Android SoCAndroid ID: A-156337262
1325 CVE-2020-0228 200 +Info 2020-07-17 2021-07-21
5.0
None Remote Low Not required Partial None None
There is an improper configuration of recorder related service. Product: AndroidVersions: Android SoCAndroid ID: A-156333723
1326 CVE-2020-0227 276 Exec Code Bypass 2020-07-17 2020-07-21
7.2
None Local Low Not required Complete Complete Complete
In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-129476618
1327 CVE-2020-0226 843 2020-07-17 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
In createWithSurfaceParent of Client.cpp, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150226994
1328 CVE-2020-0225 787 Exec Code 2020-07-17 2020-07-22
10.0
None Remote Low Not required Complete Complete Complete
In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142546668
1329 CVE-2020-0224 843 Exec Code 2020-07-17 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out of bounds write due to type confusion. This could lead to remote code execution when processing a proxy configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147664838
1330 CVE-2020-0122 276 Bypass 2020-07-17 2020-07-22
7.2
None Local Low Not required Complete Complete Complete
In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147247775
1331 CVE-2020-0120 787 Overflow 2020-07-17 2020-07-23
4.6
None Local Low Not required Partial Partial Partial
In notifyErrorForPendingRequests of QCamera3HWI.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-149995442
1332 CVE-2020-0107 276 Bypass 2020-07-17 2021-07-21
2.1
None Local Low Not required Partial None None
In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible permissions bypass due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146570216
1333 CVE-2019-20915 125 2020-07-16 2020-07-22
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c.
1334 CVE-2019-20914 476 2020-07-16 2020-07-22
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec.
1335 CVE-2019-20913 125 2020-07-16 2020-07-22
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec.
1336 CVE-2019-20912 787 Overflow 2020-07-16 2020-07-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF.
1337 CVE-2019-20911 835 DoS 2020-07-16 2020-07-22
4.3
None Remote Medium Not required None None Partial
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bit_calc_CRC in bits.c, related to a for loop.
1338 CVE-2019-20910 125 2020-07-16 2020-07-22
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011.
1339 CVE-2019-20909 476 2020-07-16 2020-07-22
5.0
None Remote Low Not required None None Partial
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec.
1340 CVE-2019-20908 269 Bypass 2020-07-15 2021-07-21
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032.
1341 CVE-2019-20907 835 2020-07-13 2022-04-28
5.0
None Remote Low Not required None None Partial
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
1342 CVE-2019-20901 601 2020-07-13 2022-03-25
5.8
None Remote Medium Not required Partial Partial None
The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter.
1343 CVE-2019-20900 79 XSS 2020-07-13 2022-03-30
3.5
None Remote Medium ??? None Partial None
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. The affected versions are before version 8.7.0.
1344 CVE-2019-20899 2020-07-13 2022-03-30
5.0
None Remote Low Not required None None Partial
The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1.
1345 CVE-2019-20898 200 +Info 2020-07-13 2021-07-21
5.0
None Remote Low Not required Partial None None
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0.
1346 CVE-2019-20897 434 DoS 2020-07-13 2022-03-30
4.0
None Remote Low ??? None None Partial
The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.
1347 CVE-2019-20896 89 Sql 2020-07-07 2020-07-09
7.5
None Remote Low Not required Partial Partial Partial
WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponent, messageID, or to parameter.
1348 CVE-2019-20894 295 2020-07-02 2021-07-28
4.3
None Remote Medium Not required Partial None None
Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred.
1349 CVE-2019-20419 427 Exec Code 2020-07-03 2022-03-30
4.4
None Local Medium Not required Partial Partial Partial
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2.
1350 CVE-2019-20418 DoS 2020-07-03 2020-07-09
4.0
None Remote Low ??? None None Partial
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before version 8.8.0.
Total number of vulnerabilities : 1418   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 (This Page)28 29
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.