Total
8212 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4257 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2021-07-21 | 6.9 MEDIUM | 7.8 HIGH |
| IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175635. | |||||
| CVE-2020-9677 | 2 Adobe, Microsoft | 2 Prelude, Windows | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9724 | 2 Adobe, Microsoft | 2 Lightroom, Windows | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library loading vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2019-9132 | 2 Kakaocorp, Microsoft | 2 Kakaotalk, Windows | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Remote code execution vulnerability exists in KaKaoTalk PC messenger when user clicks specially crafted link in the message window. This affects KaKaoTalk windows version 2.7.5.2024 or lower. | |||||
| CVE-2020-24562 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This CVE is similar, but not identical to CVE-2020-24556. | |||||
| CVE-2020-4422 | 2 Ibm, Microsoft | 2 I2 Analysts Notebook, Windows | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 180167. | |||||
| CVE-2020-12304 | 2 Intel, Microsoft | 2 Dynamic Application Loader Software Developement Kit, Windows | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows may allow an authenticated user to potentially enable escalation of privileges via local access. | |||||
| CVE-2020-4841 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 190045. | |||||
| CVE-2019-7076 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-26894 | 2 Faulknermedia, Microsoft | 2 Wildlife Issues In The New Millennium, Windows | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's "shell()" function, it will attempt to search for "cmd.exe" in the folder of the current application and run the malicious "cmd.exe". | |||||
| CVE-2019-20357 | 2 Microsoft, Trendmicro | 9 Windows, Antivirus \+ Security 2019, Antivirus \+ Security 2020 and 6 more | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system. | |||||
| CVE-2020-15593 | 2 Microsoft, Riverbed | 2 Windows, Steelcentral Aternity Agent | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. Any user in the system is allowed to access the interprocess communication channel AternityAgentAssistantIpc, retrieve a serialized object and call object methods remotely. Among others, the methods allow any user to: (1) Create and/or overwrite arbitrary XML files across the system; (2) Create arbitrary directories across the system; and (3) Load arbitrary plugins (i.e., C# assemblies) from the "%PROGRAMFILES(X86)/Aternity Information Systems/Assistant/plugins” directory and execute code contained in them. | |||||
| CVE-2020-3710 | 2 Adobe, Microsoft | 2 Illustrator Cc, Windows | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-19693 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ Security 2020, Internet Security 2020 and 2 more | 2021-07-21 | 3.6 LOW | 7.1 HIGH |
| The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2020-3739 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Framemaker versions 2019.0.4 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-3714 | 2 Adobe, Microsoft | 2 Illustrator Cc, Windows | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7846 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper error handling vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | |||||
| CVE-2020-9570 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-8602 | 2 Microsoft, Trendmicro | 3 Windows, Deep Security Manager, Vulnerability Protection | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution. | |||||
| CVE-2020-10862 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Local Privilege Escalation (LPE) via RPC. | |||||