CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3601 CVE-2020-1507 269 2020-09-11 2020-09-17
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory, aka 'Microsoft COM for Windows Elevation of Privilege Vulnerability'.
3602 CVE-2020-1506 269 2020-09-11 2020-09-17
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory, aka 'Windows Start-Up Application Elevation of Privilege Vulnerability'.
3603 CVE-2020-1492 119 Overflow Mem. Corr. 2020-08-17 2020-08-19
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1525, CVE-2020-1554.
3604 CVE-2020-1478 119 Overflow Mem. Corr. 2020-08-17 2020-08-19
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1379, CVE-2020-1477, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554.
3605 CVE-2020-1477 119 Overflow Mem. Corr. 2020-08-17 2020-08-19
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1379, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554.
3606 CVE-2020-1473 119 Exec Code Overflow 2020-08-17 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1557, CVE-2020-1558, CVE-2020-1564.
3607 CVE-2020-1460 Exec Code 2020-09-11 2020-09-17
6.5
None Remote Low ??? Partial Partial Partial
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.
3608 CVE-2020-1457 119 Exec Code Overflow 2020-07-27 2020-08-27
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1425.
3609 CVE-2020-1448 119 Exec Code Overflow 2020-07-14 2020-07-21
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1447.
3610 CVE-2020-1447 119 Exec Code Overflow 2020-07-14 2020-07-22
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1448.
3611 CVE-2020-1446 119 Exec Code Overflow 2020-07-14 2020-07-21
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1447, CVE-2020-1448.
3612 CVE-2020-1439 502 Exec Code 2020-07-14 2020-07-23
6.5
None Remote Low ??? Partial Partial Partial
A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.
3613 CVE-2020-1436 20 Exec Code 2020-07-14 2020-08-25
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Windows Font Library Remote Code Execution Vulnerability'.
3614 CVE-2020-1425 119 Exec Code Overflow 2020-07-27 2020-07-29
6.8
None Remote Medium Not required Partial Partial Partial
A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1457.
3615 CVE-2020-1379 119 Overflow Mem. Corr. 2020-08-17 2020-08-19
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554.
3616 CVE-2020-1349 119 Exec Code Overflow 2020-07-14 2020-07-15
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.
3617 CVE-2020-1338 94 Exec Code 2020-09-11 2020-09-16
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1218.
3618 CVE-2020-1335 119 Exec Code Overflow 2020-09-11 2020-09-13
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1193, CVE-2020-1332, CVE-2020-1594.
3619 CVE-2020-1332 119 Exec Code Overflow 2020-09-11 2020-09-13
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1193, CVE-2020-1335, CVE-2020-1594.
3620 CVE-2020-1321 119 Exec Code Overflow 2020-06-09 2020-06-16
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'.
3621 CVE-2020-1314 269 2020-06-09 2020-06-16
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server fails to properly handle messages sent from TSF clients, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'.
3622 CVE-2020-1313 269 2020-06-09 2020-09-28
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'.
3623 CVE-2020-1311 269 2020-06-09 2020-06-15
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists when Component Object Model (COM) client uses special case IIDs, aka 'Component Object Model Elevation of Privilege Vulnerability'.
3624 CVE-2020-1309 269 +Priv 2020-06-09 2020-06-15
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1222.
3625 CVE-2020-1305 269 2020-06-09 2020-06-15
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'.
3626 CVE-2020-1304 269 2020-06-09 2020-06-16
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1306, CVE-2020-1334.
3627 CVE-2020-1303 269 2020-09-11 2020-09-17
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1169.
3628 CVE-2020-1301 Exec Code 2020-06-09 2020-06-15
6.5
None Remote Low ??? Partial Partial Partial
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'.
3629 CVE-2020-1300 Exec Code 2020-06-09 2020-06-16
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files.To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious cabinet file disguised as a printer driver.The update addresses the vulnerability by correcting how Windows handles cabinet files., aka 'Windows Remote Code Execution Vulnerability'.
3630 CVE-2020-1295 269 2020-06-09 2020-06-15
6.5
None Remote Low ??? Partial Partial Partial
An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.
3631 CVE-2020-1294 269 2020-06-09 2020-06-15
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1287.
3632 CVE-2020-1292 269 2020-06-09 2020-06-15
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists in OpenSSH for Windows when it does not properly restrict access to configuration settings, aka 'OpenSSH for Windows Elevation of Privilege Vulnerability'.
3633 CVE-2020-1291 269 2020-06-09 2020-06-15
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.
3634 CVE-2020-1287 269 2020-06-09 2020-06-15
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1294.
3635 CVE-2020-1282 269 2020-06-09 2020-06-15
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334.
3636 CVE-2020-1281 20 Exec Code 2020-06-09 2020-06-15
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'.
3637 CVE-2020-1280 269 2020-06-09 2020-06-15
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists in the way that the Windows Bluetooth Service handles objects in memory, aka 'Windows Bluetooth Service Elevation of Privilege Vulnerability'.
3638 CVE-2020-1255 434 2020-06-09 2020-06-11
6.5
None Remote Low ??? Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
3639 CVE-2020-1252 Exec Code 2020-09-11 2020-09-17
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'.
3640 CVE-2020-1241 20 Bypass 2020-06-09 2020-06-14
6.8
None Remote Medium Not required Partial Partial Partial
A security feature bypass vulnerability exists when Windows Kernel fails to properly sanitize certain parameters.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system.The update addresses the vulnerability by correcting how Windows Kernel handles parameter sanitization., aka 'Windows Kernel Security Feature Bypass Vulnerability'.
3641 CVE-2020-1239 119 Overflow Mem. Corr. 2020-06-09 2020-06-11
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1238.
3642 CVE-2020-1238 119 Overflow Mem. Corr. 2020-06-09 2020-06-11
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1239.
3643 CVE-2020-1237 269 2020-06-09 2020-06-14
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.
3644 CVE-2020-1235 269 2020-06-09 2020-06-11
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334.
3645 CVE-2020-1234 269 +Priv 2020-06-09 2020-06-15
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles objects in memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
3646 CVE-2020-1233 269 2020-06-09 2020-06-16
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334.
3647 CVE-2020-1231 269 2020-06-09 2020-06-16
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334.
3648 CVE-2020-1223 20 Exec Code 2020-06-09 2020-06-15
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists when Microsoft Word for Android fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file.The update addresses the vulnerability by correcting how Microsoft Word for Android handles specially crafted URL files., aka 'Word for Android Remote Code Execution Vulnerability'.
3649 CVE-2020-1218 94 Exec Code 2020-09-11 2020-09-16
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1338.
3650 CVE-2020-1217 200 +Info 2020-06-09 2020-06-14
6.8
None Remote Medium Not required Partial Partial Partial
An information disclosure vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Information Disclosure Vulnerability'.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.