CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft : Security Vulnerabilities Published In 2020 (Bypass)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2020-17139 Bypass 2020-12-10 2021-03-03
4.6
None Local Low Not required Partial Partial Partial
Windows Overlay Filter Security Feature Bypass Vulnerability
2 CVE-2020-17130 Bypass 2020-12-10 2021-03-04
6.0
None Remote Medium ??? Partial Partial Partial
Microsoft Excel Security Feature Bypass Vulnerability
3 CVE-2020-17099 Bypass 2020-12-10 2021-03-03
4.6
None Local Low Not required Partial Partial Partial
Windows Lock Screen Security Feature Bypass Vulnerability
4 CVE-2020-17090 Bypass 2020-11-11 2020-12-01
7.5
None Remote Low Not required Partial Partial Partial
Microsoft Defender for Endpoint Security Feature Bypass Vulnerability
5 CVE-2020-17067 Bypass 2020-11-11 2020-11-23
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Excel Security Feature Bypass Vulnerability
6 CVE-2020-17049 269 Bypass 2020-11-11 2020-11-23
9.0
None Remote Low ??? Complete Complete Complete
Kerberos Security Feature Bypass Vulnerability
7 CVE-2020-17040 287 Bypass 2020-11-11 2020-11-19
7.5
None Remote Low Not required Partial Partial Partial
Windows Hyper-V Security Feature Bypass Vulnerability
8 CVE-2020-17020 287 Bypass 2020-11-11 2020-11-19
2.1
None Local Low Not required Partial None None
Microsoft Word Security Feature Bypass Vulnerability
9 CVE-2020-17002 Bypass 2020-12-10 2021-03-03
9.4
None Remote Low Not required Complete Complete None
Azure SDK for C Security Feature Bypass Vulnerability
10 CVE-2020-16996 Bypass 2020-12-10 2021-03-03
4.0
None Remote Low ??? None Partial None
Kerberos Security Feature Bypass Vulnerability
11 CVE-2020-16971 Bypass 2020-12-10 2021-03-03
6.4
None Remote Low Not required Partial Partial None
Azure SDK for Java Security Feature Bypass Vulnerability
12 CVE-2020-16933 755 Bypass 2020-10-16 2020-10-21
6.8
None Remote Medium Not required Partial Partial Partial
A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files, aka 'Microsoft Word Security Feature Bypass Vulnerability'.
13 CVE-2020-16910 281 Bypass 2020-10-16 2020-10-21
4.3
None Remote Medium Not required None Partial None
A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location.To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows.The security update addresses the vulnerability by correcting security feature behavior to enforce permissions., aka 'Windows Security Feature Bypass Vulnerability'.
14 CVE-2020-16886 Bypass 2020-10-16 2020-10-21
7.2
None Local Low Not required Complete Complete Complete
A security feature bypass vulnerability exists in the PowerShellGet V2 module, aka 'PowerShellGet Module WDAC Security Feature Bypass Vulnerability'.
15 CVE-2020-15707 362 Exec Code Overflow Bypass 2020-07-29 2021-05-01
4.4
None Local Medium Not required Partial Partial Partial
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
16 CVE-2020-15706 362 Exec Code Bypass 2020-07-29 2021-05-01
4.4
None Local Medium Not required Partial Partial Partial
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
17 CVE-2020-15705 347 Bypass 2020-07-29 2021-05-01
4.4
None Local Medium Not required Partial Partial Partial
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
18 CVE-2020-1578 200 Bypass +Info 2020-08-17 2020-08-24
1.9
None Local Medium Not required Partial None None
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka 'Windows Kernel Information Disclosure Vulnerability'.
19 CVE-2020-1259 522 Bypass 2020-06-09 2020-06-16
4.0
None Remote Low ??? Partial None None
A security feature bypass vulnerability exists when Windows Host Guardian Service improperly handles hashes recorded and logged, aka 'Windows Host Guardian Service Security Feature Bypass Vulnerability'.
20 CVE-2020-1241 20 Bypass 2020-06-09 2020-06-14
6.8
None Remote Medium Not required Partial Partial Partial
A security feature bypass vulnerability exists when Windows Kernel fails to properly sanitize certain parameters.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system.The update addresses the vulnerability by correcting how Windows Kernel handles parameter sanitization., aka 'Windows Kernel Security Feature Bypass Vulnerability'.
21 CVE-2020-1229 200 Bypass +Info 2020-06-09 2020-06-15
4.3
None Remote Medium Not required Partial None None
A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.
22 CVE-2020-1113 295 Bypass 2020-05-21 2020-05-27
9.3
None Remote Medium Not required Complete Complete Complete
A security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler service fails to properly verify client connections over RPC, aka 'Windows Task Scheduler Security Feature Bypass Vulnerability'.
23 CVE-2020-1045 Bypass 2020-09-11 2020-10-02
5.0
None Remote Low Not required None Partial None
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names., aka 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'.
24 CVE-2020-1044 20 Bypass 2020-09-11 2020-09-16
4.0
None Remote Low ??? None Partial None
A security feature bypass vulnerability exists in SQL Server Reporting Services (SSRS) when the server improperly validates attachments uploaded to reports, aka 'SQL Server Reporting Services Security Feature Bypass Vulnerability'.
25 CVE-2020-1026 682 Bypass +Info 2020-04-15 2020-04-22
7.5
None Remote Low Not required Partial Partial Partial
A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography (ECC) implementation.An attacker could potentially abuse these bugs to learn information about a server’s private ECC key (a key leakage attack) or craft an invalid ECDSA signature that nevertheless passes as valid.The security update addresses the vulnerability by fixing the bugs disclosed in the ECC implementation, aka 'MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability'.
26 CVE-2020-0981 74 Exec Code Bypass 2020-04-15 2020-04-22
4.6
None Local Low Not required Partial Partial Partial
A security feature bypass vulnerability exists when Windows fails to properly handle token relationships.An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape.The update addresses the vulnerability by correcting how Windows handles token relationships, aka 'Windows Token Security Feature Bypass Vulnerability'.
27 CVE-2020-0951 732 Bypass 2020-09-11 2020-09-15
7.2
None Local Low Not required Complete Complete Complete
A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'.
28 CVE-2020-0943 287 Bypass 2020-04-15 2020-04-21
2.1
None Local Low Not required Partial None None
An authentication bypass vulnerability exists in Microsoft YourPhoneCompanion application for Android, in the way the application processes notifications generated by work profiles.This could allow an unauthenticated attacker to view notifications, aka 'Microsoft YourPhone Application for Android Authentication Bypass Vulnerability'.
29 CVE-2020-0805 732 Bypass 2020-09-11 2020-09-17
2.1
None Local Low Not required None Partial None
A security feature bypass vulnerability exists when a Windows Projected Filesystem improperly handles file redirections, aka 'Projected Filesystem Security Feature Bypass Vulnerability'.
30 CVE-2020-0696 Bypass 2020-02-11 2020-02-13
4.3
None Remote Medium Not required None Partial None
A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of URI formats, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.
31 CVE-2020-0689 20 Bypass 2020-02-11 2020-02-13
4.6
None Local Low Not required Partial Partial Partial
A security feature bypass vulnerability exists in secure boot, aka 'Microsoft Secure Boot Security Feature Bypass Vulnerability'.
32 CVE-2020-0654 269 Bypass 2020-01-14 2020-01-23
6.4
None Remote Low Not required Partial Partial None
A security feature bypass vulnerability exists in Microsoft OneDrive App for Android.This could allow an attacker to bypass the passcode or fingerprint requirements of the App.The security update addresses the vulnerability by correcting the way Microsoft OneDrive App for Android handles sharing links., aka 'Microsoft OneDrive for Android Security Feature Bypass Vulnerability'.
33 CVE-2020-0621 613 Bypass 2020-01-14 2020-01-17
2.1
None Local Low Not required None Partial None
A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'.
Total number of vulnerabilities : 33   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.