Total
8212 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19697 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus \+ Security 2019, Internet Security 2019 and 2 more | 2020-08-24 | 7.2 HIGH | 6.7 MEDIUM |
| An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability. | |||||
| CVE-2019-14214 | 2 Foxitsoftware, Microsoft | 2 Phantompdf, Windows | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a JavaScript Denial of Service when deleting pages in a document that contains only one page by calling a "t.hidden = true" function. | |||||
| CVE-2019-5687 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2020-08-24 | 3.6 LOW | 7.1 HIGH |
| NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actor | |||||
| CVE-2018-19716 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-14685 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus \+ Security 2019, Internet Security 2019 and 2 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service. | |||||
| CVE-2020-22722 | 2 Microsoft, Rapidscada | 2 Windows, Rapid Scada | 2020-08-21 | 7.2 HIGH | 7.8 HIGH |
| Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITY\SYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious service will be started as NT AUTHORITY\SYSTEM by giving the attacker full system access to the remote PC. | |||||
| CVE-2020-16087 | 2 Microsoft, Vng | 2 Windows, Zalo Desktop | 2020-08-19 | 9.3 HIGH | 8.6 HIGH |
| An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafted file. | |||||
| CVE-2018-4162 | 4 Apple, Canonical, Microsoft and 1 more | 9 Icloud, Iphone Os, Itunes and 6 more | 2020-08-14 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2017-17671 | 2 Microsoft, Vbulletin | 2 Windows, Vbulletin | 2020-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file. | |||||
| CVE-2020-15657 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2020-08-14 | 6.9 MEDIUM | 7.8 HIGH |
| Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | |||||
| CVE-2020-7817 | 2 Microsoft, Raonwiz | 2 Windows, K Upload | 2020-08-11 | 4.6 MEDIUM | 7.8 HIGH |
| MyBrowserPlus downloads the files needed to run the program through the setup file (Setup.inf). At this time, there is a vulnerability in downloading arbitrary files due to insufficient integrity verification of the files. | |||||
| CVE-2020-8607 | 2 Microsoft, Trendmicro | 13 Windows, Antivirus Toolkit, Apex One and 10 more | 2020-08-11 | 7.2 HIGH | 6.7 MEDIUM |
| An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability. | |||||
| CVE-2020-7810 | 2 Handysoft, Microsoft | 2 Hslogin2.dll, Windows | 2020-08-10 | 6.8 MEDIUM | 8.8 HIGH |
| hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. This is due to a lack of integrity verification of the policy files referenced in the update process, and a remote attacker could induce a user to crafted web page, causing damage such as malicious code infection. | |||||
| CVE-2020-7803 | 2 Imgtech, Microsoft | 2 Zoneplayer, Windows | 2020-08-06 | 6.8 MEDIUM | 8.8 HIGH |
| IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, version 2.0.1.4 and prior versions on Windows. File Donwload vulnerability in ZInsX.ocx of IMGTech Co,Ltd Zoneplayer allows attacker to cause arbitrary code execution. | |||||
| CVE-2020-7822 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2020-08-05 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2020-4631 | 2 Ibm, Microsoft | 2 Spectrum Protect Plus, Windows | 2020-08-04 | 1.9 LOW | 5.5 MEDIUM |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to cause interruption of the service operations. IBM X-Force ID: 185372. | |||||
| CVE-2020-7828 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2020-07-31 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2020-7827 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2020-07-31 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.7 and earlier version contain Use-After-Free vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2020-7829 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2020-07-31 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2020-15592 | 2 Microsoft, Riverbed | 2 Windows, Steelcentral Aternity Agent | 2020-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. The remotely callable methods from remotable objects available through interprocess communication allow loading of arbitrary plugins (i.e., C# assemblies) from the "%PROGRAMFILES(X86)%/Aternity Information Systems/Assistant/plugins” directory, where the name of the plugin is passed as part of an XML-serialized object. However, because the name of the DLL is concatenated with the “.\plugins” string, a directory traversal vulnerability exists in the way plugins are resolved. | |||||