CVEdetails.com the ultimate security vulnerability data source

Microsoft : Security Vulnerabilities Published In 2020

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2020-35609 | 74 | | DoS | 2020-12-22 | 2020-12-23 | 2.1 | None | Local | Low | Not required | None | None | Partial | A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this vulnerability. |
| 2 | CVE-2020-35608 | 74 | | Exec Code | 2020-12-22 | 2020-12-23 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. A specially crafted AF_PACKET socket can cause a process to create an executable memory mapping with controllable content. An attacker can execute a shellcode that uses the PACKET_MMAP functionality to trigger this vulnerability. |
| 3 | CVE-2020-26870 | 79 | | XSS | 2020-10-07 | 2021-02-25 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. |
| 4 | CVE-2020-26233 | 706 | | | 2020-12-08 | 2021-02-18 | 3.6 | None | Remote | High | ??? | Partial | Partial | None | Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, Git will first clone the top-level repository and then recursively clone all submodules by starting new Git processes from the top-level working directory. If a malicious git.exe executable is present in the top-level repository then this binary will be started by Git Credential Manager Core when attempting to read configuration, and not git.exe as found on the %PATH%. This only affects GCM Core on Windows, not macOS or Linux-based distributions. GCM Core version 2.0.289 contains the fix for this vulnerability, and is available from the project's GitHub releases page. GCM Core 2.0.289 is also bundled in the latest Git for Windows release; version 2.29.2(3). As a workaround, users should avoid recursively cloning untrusted repositories with the --recurse-submodules option. |
| 5 | CVE-2020-17159 | 94 | | Exec Code | 2020-12-10 | 2021-03-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability |
| 6 | CVE-2020-17158 | 94 | | Exec Code | 2020-12-10 | 2021-03-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17152. |
| 7 | CVE-2020-17156 | 94 | | Exec Code | 2020-12-10 | 2021-03-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Visual Studio Remote Code Execution Vulnerability |
| 8 | CVE-2020-17153 | 20 | | | 2020-12-10 | 2021-03-03 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Microsoft Edge for Android Spoofing Vulnerability |
| 9 | CVE-2020-17152 | 94 | | Exec Code | 2020-12-10 | 2021-03-04 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17158. |
| 10 | CVE-2020-17150 | 94 | | Exec Code | 2020-12-10 | 2021-03-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Visual Studio Code Remote Code Execution Vulnerability |
| 11 | CVE-2020-17148 | 94 | | Exec Code | 2020-12-10 | 2021-03-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability |
| 12 | CVE-2020-17147 | 79 | | XSS | 2020-12-10 | 2021-03-03 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Dynamics CRM Webclient Cross-site Scripting Vulnerability |
| 13 | CVE-2020-17145 | 20 | | | 2020-12-10 | 2021-03-04 | 4.9 | None | Remote | Medium | ??? | Partial | Partial | None | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability |
| 14 | CVE-2020-17144 | 94 | | Exec Code | 2020-12-10 | 2021-03-04 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142. |
| 15 | CVE-2020-17143 | 200 | | +Info | 2020-12-10 | 2021-03-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Microsoft Exchange Information Disclosure Vulnerability |
| 16 | CVE-2020-17142 | 94 | | Exec Code | 2020-12-10 | 2021-03-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17144. |
| 17 | CVE-2020-17141 | 94 | | Exec Code | 2020-12-10 | 2021-03-03 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17142, CVE-2020-17144. |
| 18 | CVE-2020-17140 | 200 | | +Info | 2020-12-10 | 2021-03-03 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Windows SMB Information Disclosure Vulnerability |
| 19 | CVE-2020-17139 | | | Bypass | 2020-12-10 | 2021-03-03 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Windows Overlay Filter Security Feature Bypass Vulnerability |
| 20 | CVE-2020-17138 | 200 | | +Info | 2020-12-10 | 2021-03-04 | 2.1 | None | Local | Low | Not required | Partial | None | None | Windows Error Reporting Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-17094. |
| 21 | CVE-2020-17137 | 269 | | | 2020-12-10 | 2021-03-04 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
| 22 | CVE-2020-17136 | 269 | | | 2020-12-10 | 2021-03-03 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17103, CVE-2020-17134. |
| 23 | CVE-2020-17135 | 20 | | | 2020-12-10 | 2021-03-03 | 4.9 | None | Remote | Medium | ??? | Partial | Partial | None | Azure DevOps Server Spoofing Vulnerability |
| 24 | CVE-2020-17134 | 269 | | | 2020-12-10 | 2021-03-03 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17103, CVE-2020-17136. |
| 25 | CVE-2020-17133 | 200 | | +Info | 2020-12-10 | 2021-03-03 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Microsoft Dynamics Business Central/NAV Information Disclosure |
| 26 | CVE-2020-17132 | 94 | | Exec Code | 2020-12-10 | 2021-03-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17117, CVE-2020-17141, CVE-2020-17142, CVE-2020-17144. |
| 27 | CVE-2020-17131 | 787 | | Mem. Corr. | 2020-12-10 | 2021-03-04 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial | Chakra Scripting Engine Memory Corruption Vulnerability |
| 28 | CVE-2020-17130 | | | Bypass | 2020-12-10 | 2021-03-04 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | Microsoft Excel Security Feature Bypass Vulnerability |
| 29 | CVE-2020-17129 | | | Exec Code | 2020-12-10 | 2021-03-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128. |
| 30 | CVE-2020-17128 | | | Exec Code | 2020-12-10 | 2021-03-04 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17129. |
| 31 | CVE-2020-17127 | | | Exec Code | 2020-12-10 | 2021-03-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17128, CVE-2020-17129. |
| 32 | CVE-2020-17126 | | | | 2020-12-10 | 2021-03-04 | 2.1 | None | Local | Low | Not required | Partial | None | None | Microsoft Excel Information Disclosure Vulnerability |
| 33 | CVE-2020-17125 | | | Exec Code | 2020-12-10 | 2021-03-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129. |
| 34 | CVE-2020-17124 | | | Exec Code | 2020-12-10 | 2021-03-04 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Microsoft PowerPoint Remote Code Execution Vulnerability |
| 35 | CVE-2020-17123 | | | Exec Code | 2020-12-10 | 2021-03-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17122, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129. |
| 36 | CVE-2020-17122 | | | Exec Code | 2020-12-10 | 2021-03-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129. |
| 37 | CVE-2020-17121 | | | Exec Code | 2020-12-10 | 2021-03-04 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Microsoft SharePoint Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17118. |
| 38 | CVE-2020-17120 | | | | 2020-12-10 | 2021-03-04 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Microsoft SharePoint Information Disclosure Vulnerability |
| 39 | CVE-2020-17119 | | | | 2020-12-10 | 2021-03-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Microsoft Outlook Information Disclosure Vulnerability |
| 40 | CVE-2020-17118 | | | Exec Code | 2020-12-10 | 2021-03-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Microsoft SharePoint Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17121. |
| 41 | CVE-2020-17117 | | | Exec Code | 2020-12-10 | 2021-03-04 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17132, CVE-2020-17141, CVE-2020-17142, CVE-2020-17144. |
| 42 | CVE-2020-17115 | 20 | | | 2020-12-10 | 2021-03-03 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | Microsoft SharePoint Spoofing Vulnerability |
| 43 | CVE-2020-17113 | 125 | | | 2020-11-11 | 2020-11-24 | 2.1 | None | Local | Low | Not required | Partial | None | None | Windows Camera Codec Information Disclosure Vulnerability |
| 44 | CVE-2020-17110 | | | Exec Code | 2020-11-11 | 2020-11-19 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17106, CVE-2020-17107, CVE-2020-17108, CVE-2020-17109. |
| 45 | CVE-2020-17109 | | | Exec Code | 2020-11-11 | 2020-11-19 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17106, CVE-2020-17107, CVE-2020-17108, CVE-2020-17110. |
| 46 | CVE-2020-17108 | | | Exec Code | 2020-11-11 | 2020-11-19 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17106, CVE-2020-17107, CVE-2020-17109, CVE-2020-17110. |
| 47 | CVE-2020-17107 | | | Exec Code | 2020-11-11 | 2020-11-19 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17106, CVE-2020-17108, CVE-2020-17109, CVE-2020-17110. |
| 48 | CVE-2020-17106 | | | Exec Code | 2020-11-11 | 2020-11-19 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17107, CVE-2020-17108, CVE-2020-17109, CVE-2020-17110. |
| 49 | CVE-2020-17105 | | | Exec Code | 2020-11-11 | 2020-11-24 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | AV1 Video Extension Remote Code Execution Vulnerability |
| 50 | CVE-2020-17104 | 20 | | Exec Code | 2020-11-11 | 2020-11-24 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Visual Studio Code JSHint Extension Remote Code Execution Vulnerability |

Total number of vulnerabilities: 1220. Page 1 of 25.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.