Microsoft

Makers of the Windows Operating System and hundreds of products that run on it.

stack.watch can email you when security vulnerabilities are reported in any Microsoft product. You can add multiple products that you use with Microsoft to create your own personal software stack watcher.

Products by Microsoft Sorted by Most Security Vulnerabilities since 2018

Microsoft Windows 10: 1521 vulnerabilities

Microsoft Windows Server 2016: 1488 vulnerabilities

Microsoft Windows Server 2019: 1242 vulnerabilities

Microsoft Windows Server 2012: 931 vulnerabilities

Microsoft Windows 8.1: 920 vulnerabilities

Microsoft Windows 7: 878 vulnerabilities

Microsoft Windows Rt 8 1: 874 vulnerabilities

Microsoft Windows Server 2008: 861 vulnerabilities

Microsoft Office: 207 vulnerabilities

Microsoft ChakraCore: 183 vulnerabilities
ChakraCore is the core part of the Chakra JavaScript engine that powers Microsoft Edge

Microsoft Sharepoint Server: 176 vulnerabilities

Microsoft Sharepoint Foundation: 117 vulnerabilities

Microsoft Office 365 Proplus: 83 vulnerabilities

Microsoft Excel: 67 vulnerabilities
Spreadsheet Software

Microsoft Office Online Server: 49 vulnerabilities

Microsoft Word: 48 vulnerabilities

Microsoft Exchange Server: 41 vulnerabilities

Microsoft Visual Studio 2017: 39 vulnerabilities

Microsoft Office Web Apps: 37 vulnerabilities

Microsoft Windows Server: 36 vulnerabilities

Microsoft 365 Apps: 34 vulnerabilities

Microsoft Visual Studio 2019: 34 vulnerabilities

Microsoft Azure Devops Server: 25 vulnerabilities

Microsoft Outlook: 25 vulnerabilities

Microsoft Edge Browser: 24 vulnerabilities
Web Browser based on Chromium

Microsoft Dynamics 365: 23 vulnerabilities

Microsoft ASP.NET Core: 22 vulnerabilities

Microsoft Visual Studio: 17 vulnerabilities
Developer IDE

Microsoft Project Server: 16 vulnerabilities

Microsoft Azure Sphere: 15 vulnerabilities

Microsoft .NET Core: 15 vulnerabilities

Microsoft Excel Viewer: 14 vulnerabilities

Microsoft Powershell Core: 14 vulnerabilities

Microsoft Visual Studio Code: 13 vulnerabilities

Microsoft Internet Explorer (IE): 8 vulnerabilities
Popular web browser for Windows

Microsoft Onedrive: 8 vulnerabilities

Microsoft Skype For Business: 7 vulnerabilities

Microsoft Office For Mac: 7 vulnerabilities

Microsoft Office Word Viewer: 7 vulnerabilities

Microsoft Windows Vista: 6 vulnerabilities

Microsoft Lync: 6 vulnerabilities

Microsoft Powerpoint: 6 vulnerabilities

Microsoft Windows 8: 5 vulnerabilities

Microsoft Dynamics Nav: 5 vulnerabilities

Microsoft Excel 2013 Rt: 5 vulnerabilities

Microsoft Office 365: 5 vulnerabilities

Microsoft Powerpoint Viewer: 5 vulnerabilities

Microsoft Access: 4 vulnerabilities

Microsoft Visual Studio 2015: 4 vulnerabilities

Microsoft SQL Server: 4 vulnerabilities
Database Server

Microsoft Outlook Rt: 4 vulnerabilities

Microsoft Project: 4 vulnerabilities

Microsoft Teams: 3 vulnerabilities

Microsoft Word Viewer: 3 vulnerabilities

Microsoft Windows Xp: 3 vulnerabilities

Microsoft 3d Viewer: 2 vulnerabilities

Microsoft Skype: 2 vulnerabilities

Microsoft Windows: 2 vulnerabilities

Microsoft Dynamics Crm 2015: 2 vulnerabilities

Microsoft Excel 2007: 2 vulnerabilities

Microsoft Excel 2010: 2 vulnerabilities

Microsoft Yammer: 2 vulnerabilities

Microsoft Lync Basic: 2 vulnerabilities

Microsoft Lync Server: 2 vulnerabilities

Microsoft Nuget: 2 vulnerabilities

Microsoft Windows Rt: 2 vulnerabilities

Microsoft Publisher: 2 vulnerabilities

Microsoft Azure Umqtt C: 1 vulnerability

Microsoft Ie: 1 vulnerability

Microsoft Infopath: 1 vulnerability

By the Year

In 2021 there have been 25 vulnerabilities in Microsoft with an average score of 7.4 out of ten. Last year Microsoft had 1187 security vulnerabilities published. Right now, Microsoft is on track to have fewer security vulnerabilities in 2021 than it did last year. However, the average CVE base score of the vulnerabilities in 2021 is greater by 0.01.

Year Vulnerabilities Average Score
2021 25 7.37
2020 1187 7.36
2019 759 7.23
2018 576 6.89

It may take a day or so for new Microsoft vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.

Latest Microsoft Security Vulnerabilities

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1642 7.8 - High - January 12, 2021

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1685.

CVE-2021-1642 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Microsoft SQL Elevation of Privilege Vulnerability

CVE-2021-1636 8.8 - High - January 12, 2021

Microsoft SQL Elevation of Privilege Vulnerability

CVE-2021-1636 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Microsoft SharePoint Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1712 8 - High - January 12, 2021

Microsoft SharePoint Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1719.

CVE-2021-1712 is exploitable with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.1 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique

CVE-2021-1717 5.4 - Medium - January 12, 2021

Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-1641.

CVE-2021-1717 can be exploited with network access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Improper Input Validation

Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique

CVE-2021-1641 5.4 - Medium - January 12, 2021

Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-1717.

CVE-2021-1641 can be exploited with network access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Improper Input Validation

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1653 7.8 - High - January 12, 2021

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.

CVE-2021-1653 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1713 7.8 - High - January 12, 2021

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1714.

CVE-2021-1713 can be exploited with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1714 7.8 - High - January 12, 2021

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1713.

CVE-2021-1714 is exploitable with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Microsoft Word Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1715 7.8 - High - January 12, 2021

Microsoft Word Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1716.

CVE-2021-1715 can be exploited with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

Microsoft Word Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1716 7.8 - High - January 12, 2021

Microsoft Word Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1715.

CVE-2021-1716 is exploitable with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1644 7.8 - High - January 12, 2021

HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1643.

CVE-2021-1644 is exploitable with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1655 7.8 - High - January 12, 2021

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.

CVE-2021-1655 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique

CVE-2021-1638 5.5 - Medium - January 12, 2021

Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-1683, CVE-2021-1684.

CVE-2021-1638 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

AuthZ

Windows Docker Information Disclosure Vulnerability

CVE-2021-1645 5.5 - Medium - January 12, 2021

Windows Docker Information Disclosure Vulnerability

CVE-2021-1645 can be exploited with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Microsoft splwow64 Elevation of Privilege Vulnerability

CVE-2021-1648 7.8 - High - January 12, 2021

Microsoft splwow64 Elevation of Privilege Vulnerability

CVE-2021-1648 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1654 7.8 - High - January 12, 2021

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.

CVE-2021-1654 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Microsoft Defender Remote Code Execution Vulnerability

CVE-2021-1647 7.8 - High - January 12, 2021

Microsoft Defender Remote Code Execution Vulnerability

CVE-2021-1647 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows Fax Compose Form Remote Code Execution Vulnerability

CVE-2021-1657 7.8 - High - January 12, 2021

Windows Fax Compose Form Remote Code Execution Vulnerability

CVE-2021-1657 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

ASP.NET Core and Visual Studio Denial of Service Vulnerability

CVE-2021-1723 7.5 - High - January 12, 2021

ASP.NET Core and Visual Studio Denial of Service Vulnerability

CVE-2021-1723 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique

CVE-2021-1643 7.8 - High - January 12, 2021

HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1644.

CVE-2021-1643 can be exploited with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Active Template Library Elevation of Privilege Vulnerability

CVE-2021-1649 7.8 - High - January 12, 2021

Active Template Library Elevation of Privilege Vulnerability

CVE-2021-1649 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Runtime C++ Template Library Elevation of Privilege Vulnerability

CVE-2021-1650 7.8 - High - January 12, 2021

Windows Runtime C++ Template Library Elevation of Privilege Vulnerability

CVE-2021-1650 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2021-1652 7.8 - High - January 12, 2021

Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.

CVE-2021-1652 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows WLAN Service Elevation of Privilege Vulnerability

CVE-2021-1646 7.8 - High - January 12, 2021

Windows WLAN Service Elevation of Privilege Vulnerability

CVE-2021-1646 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows DNS Query Information Disclosure Vulnerability

CVE-2021-1637 5.5 - Medium - January 12, 2021

Windows DNS Query Information Disclosure Vulnerability

CVE-2021-1637 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

, aka 'Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability'

CVE-2020-17158 8.8 - High - December 10, 2020

, aka 'Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17152.

CVE-2020-17158 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Control of Generation of Code ('Code Injection')

, aka 'Microsoft Edge for Android Spoofing Vulnerability'.

CVE-2020-17153 6.1 - Medium - December 10, 2020

, aka 'Microsoft Edge for Android Spoofing Vulnerability'.

CVE-2020-17153 can be exploited with network access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Improper Input Validation

, aka 'Microsoft Exchange Remote Code Execution Vulnerability'

CVE-2020-17132 9.1 - Critical - December 10, 2020

, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17117, CVE-2020-17141, CVE-2020-17142, CVE-2020-17144.

CVE-2020-17132 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact on the confidentiality, integrity and availability of this component.

Improper Control of Generation of Code ('Code Injection')

, aka 'Kerberos Security Feature Bypass Vulnerability'.

CVE-2020-16996 6.5 - Medium - December 10, 2020

, aka 'Kerberos Security Feature Bypass Vulnerability'.

CVE-2020-16996 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

, aka 'Windows Digital Media Receiver Elevation of Privilege Vulnerability'.

CVE-2020-17097 7.8 - High - December 10, 2020

, aka 'Windows Digital Media Receiver Elevation of Privilege Vulnerability'.

CVE-2020-17097 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.

CVE-2020-17120 6.5 - Medium - December 10, 2020

, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.

CVE-2020-17120 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

, aka 'Hyper-V Remote Code Execution Vulnerability'.

CVE-2020-17095 9.9 - Critical - December 10, 2020

, aka 'Hyper-V Remote Code Execution Vulnerability'.

CVE-2020-17095 can be exploited with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 3.1 out of four. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact on the confidentiality, integrity and availability of this component.

, aka 'Microsoft Exchange Information Disclosure Vulnerability'.

CVE-2020-17143 8.8 - High - December 10, 2020

, aka 'Microsoft Exchange Information Disclosure Vulnerability'.

CVE-2020-17143 can be exploited with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Information Leak

, aka 'Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability'.

CVE-2020-17148 7.8 - High - December 10, 2020

, aka 'Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability'.

CVE-2020-17148 is exploitable with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Control of Generation of Code ('Code Injection')

, aka 'Azure DevOps Server Spoofing Vulnerability'.

CVE-2020-17135 5.4 - Medium - December 10, 2020

, aka 'Azure DevOps Server Spoofing Vulnerability'.

CVE-2020-17135 can be exploited with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Improper Input Validation

, aka 'Microsoft Exchange Remote Code Execution Vulnerability'

CVE-2020-17144 8.4 - High - December 10, 2020

, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142.

CVE-2020-17144 is exploitable with network access, and requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.7 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Control of Generation of Code ('Code Injection')

, aka 'Visual Studio Remote Code Execution Vulnerability'.

CVE-2020-17156 7.8 - High - December 10, 2020

, aka 'Visual Studio Remote Code Execution Vulnerability'.

CVE-2020-17156 is exploitable with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Control of Generation of Code ('Code Injection')

, aka 'Microsoft Excel Remote Code Execution Vulnerability'

CVE-2020-17127 7.8 - High - December 10, 2020

, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17128, CVE-2020-17129.

CVE-2020-17127 can be exploited with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

, aka 'Microsoft Exchange Remote Code Execution Vulnerability'

CVE-2020-17142 9.1 - Critical - December 10, 2020

, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17144.

CVE-2020-17142 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact on the confidentiality, integrity and availability of this component.

Improper Control of Generation of Code ('Code Injection')

, aka 'Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability'.

CVE-2020-17159 7.8 - High - December 10, 2020

, aka 'Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability'.

CVE-2020-17159 can be exploited with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Control of Generation of Code ('Code Injection')

, aka 'Microsoft SharePoint Spoofing Vulnerability'.

CVE-2020-17115 8 - High - December 10, 2020

, aka 'Microsoft SharePoint Spoofing Vulnerability'.

CVE-2020-17115 can be exploited with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.1 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Input Validation

, aka 'Windows GDI+ Information Disclosure Vulnerability'.

CVE-2020-17098 5.5 - Medium - December 10, 2020

, aka 'Windows GDI+ Information Disclosure Vulnerability'.

CVE-2020-17098 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'

CVE-2020-17118 9.8 - Critical - December 10, 2020

, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17121.

CVE-2020-17118 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact on the confidentiality, integrity and availability of this component.

, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'

CVE-2020-16963 7.8 - High - December 10, 2020

, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16964.

CVE-2020-16963 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

, aka 'Azure DevOps Server and Team Foundation Services Spoofing Vulnerability'.

CVE-2020-17145 5.4 - Medium - December 10, 2020

, aka 'Azure DevOps Server and Team Foundation Services Spoofing Vulnerability'.

CVE-2020-17145 can be exploited with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Improper Input Validation

, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'

CVE-2020-17121 8.8 - High - December 10, 2020

, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17118.

CVE-2020-17121 can be exploited with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.

CVE-2020-17089 8 - High - December 10, 2020

, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.

CVE-2020-17089 can be exploited with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.1 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

, aka 'Windows Error Reporting Information Disclosure Vulnerability'

CVE-2020-17138 5.5 - Medium - December 10, 2020

, aka 'Windows Error Reporting Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-17094.

CVE-2020-17138 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'

CVE-2020-16961 7.8 - High - December 10, 2020

, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.

CVE-2020-16961 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'

CVE-2020-16958 7.8 - High - December 10, 2020

, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.

CVE-2020-16958 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

, aka 'Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability'

CVE-2020-17136 7.8 - High - December 10, 2020

, aka 'Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-17103, CVE-2020-17134.

CVE-2020-17136 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

, aka 'Windows Overlay Filter Security Feature Bypass Vulnerability'.

CVE-2020-17139 7.8 - High - December 10, 2020

, aka 'Windows Overlay Filter Security Feature Bypass Vulnerability'.

CVE-2020-17139 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

, aka 'Microsoft Outlook Information Disclosure Vulnerability'.

CVE-2020-17119 7.5 - High - December 10, 2020

, aka 'Microsoft Outlook Information Disclosure Vulnerability'.

CVE-2020-17119 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

, aka 'Microsoft Excel Remote Code Execution Vulnerability'

CVE-2020-17123 7.8 - High - December 10, 2020

, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17122, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129.

CVE-2020-17123 can be exploited with local system access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'.

CVE-2020-17124 7.8 - High - December 10, 2020

, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'.

CVE-2020-17124 is exploitable with local system access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

, aka 'Microsoft Excel Remote Code Execution Vulnerability'

CVE-2020-17125 7.8 - High - December 10, 2020

, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129.

CVE-2020-17125 can be exploited with local system access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

, aka 'Microsoft Excel Information Disclosure Vulnerability'.

CVE-2020-17126 5.5 - Medium - December 10, 2020

, aka 'Microsoft Excel Information Disclosure Vulnerability'.

CVE-2020-17126 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

, aka 'Microsoft Excel Remote Code Execution Vulnerability'

CVE-2020-17128 7.8 - High - December 10, 2020

, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17129.

CVE-2020-17128 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

, aka 'Microsoft Excel Remote Code Execution Vulnerability'

CVE-2020-17129 7.8 - High - December 10, 2020

, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128.

CVE-2020-17129 can be exploited with local system access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

, aka 'Microsoft Excel Security Feature Bypass Vulnerability'.

CVE-2020-17130 6.5 - Medium - December 10, 2020

, aka 'Microsoft Excel Security Feature Bypass Vulnerability'.

CVE-2020-17130 is exploitable with local system access, requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 0.6 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

, aka 'Visual Studio Code Remote Code Execution Vulnerability'.

CVE-2020-17150 7.8 - High - December 10, 2020

, aka 'Visual Studio Code Remote Code Execution Vulnerability'.

CVE-2020-17150 is exploitable with local system access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Control of Generation of Code ('Code Injection')

, aka 'Microsoft Exchange Remote Code Execution Vulnerability'

CVE-2020-17141 8.4 - High - December 10, 2020

, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17142, CVE-2020-17144.

CVE-2020-17141 can be exploited with network access, requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.7 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Control of Generation of Code ('Code Injection')

, aka 'Dynamics CRM Webclient Cross-site Scripting Vulnerability'.

CVE-2020-17147 5.4 - Medium - December 10, 2020

, aka 'Dynamics CRM Webclient Cross-site Scripting Vulnerability'.

CVE-2020-17147 can be exploited with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

, aka 'Windows NTFS Remote Code Execution Vulnerability'.

CVE-2020-17096 8.8 - High - December 10, 2020

, aka 'Windows NTFS Remote Code Execution Vulnerability'.

CVE-2020-17096 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

, aka 'Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability'

CVE-2020-17103 7.8 - High - December 10, 2020

, aka 'Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-17134, CVE-2020-17136.

CVE-2020-17103 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

, aka 'Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability'

CVE-2020-17152 8.8 - High - December 10, 2020

, aka 'Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17158.

CVE-2020-17152 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Control of Generation of Code ('Code Injection')

, aka 'Azure SDK for C Security Feature Bypass Vulnerability'.

CVE-2020-17002 9.1 - Critical - December 10, 2020

, aka 'Azure SDK for C Security Feature Bypass Vulnerability'.

CVE-2020-17002 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

, aka 'Microsoft Excel Remote Code Execution Vulnerability'

CVE-2020-17122 7.8 - High - December 10, 2020

, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129.

CVE-2020-17122 is exploitable with local system access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

, aka 'Windows SMB Information Disclosure Vulnerability'.

CVE-2020-17140 6.5 - Medium - December 10, 2020

, aka 'Windows SMB Information Disclosure Vulnerability'.

CVE-2020-17140 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

, aka 'DirectX Graphics Kernel Elevation of Privilege Vulnerability'.

CVE-2020-17137 7.8 - High - December 10, 2020

, aka 'DirectX Graphics Kernel Elevation of Privilege Vulnerability'.

CVE-2020-17137 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

, aka 'Microsoft Dynamics Business Central/NAV Information Disclosure'.

CVE-2020-17133 6.5 - Medium - December 10, 2020

, aka 'Microsoft Dynamics Business Central/NAV Information Disclosure'.

CVE-2020-17133 can be exploited with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.

CVE-2020-17092 7.8 - High - December 10, 2020

, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.

CVE-2020-17092 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'

CVE-2020-16964 7.8 - High - December 10, 2020

, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963.

CVE-2020-16964 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'

CVE-2020-16959 7.8 - High - December 10, 2020

, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16958, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.

CVE-2020-16959 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

, aka 'Windows Lock Screen Security Feature Bypass Vulnerability'.

CVE-2020-17099 6.8 - Medium - December 10, 2020

, aka 'Windows Lock Screen Security Feature Bypass Vulnerability'.

CVE-2020-17099 can be exploited with physical access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 0.9 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

, aka 'Microsoft Exchange Remote Code Execution Vulnerability'

CVE-2020-17117 7.2 - High - December 10, 2020

, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17132, CVE-2020-17141, CVE-2020-17142, CVE-2020-17144.

CVE-2020-17117 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.2 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

CVE-2020-17131 7.5 - High - December 10, 2020

, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

CVE-2020-17131 can be exploited with network access and requires user interaction. This vulnerability is considered to have a high level of attack complexity. It has an exploitability score of 1.6 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

, aka 'Azure SDK for Java Security Feature Bypass Vulnerability'.

CVE-2020-16971 9.1 - Critical - December 10, 2020

, aka 'Azure SDK for Java Security Feature Bypass Vulnerability'.

CVE-2020-16971 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

, aka 'Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability'

CVE-2020-17134 7.8 - High - December 10, 2020

, aka 'Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-17103, CVE-2020-17136.

CVE-2020-17134 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

, aka 'Windows Error Reporting Information Disclosure Vulnerability'

CVE-2020-17094 5.5 - Medium - December 10, 2020

, aka 'Windows Error Reporting Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-17138.

CVE-2020-17094 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'

CVE-2020-16960 7.8 - High - December 10, 2020

, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.

CVE-2020-16960 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'

CVE-2020-16962 7.8 - High - December 10, 2020

, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16963, CVE-2020-16964.

CVE-2020-16962 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter

CVE-2020-10146 5.4 - Medium - December 09, 2020

The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This vulnerability was fixed for all Teams users in the online service on or around October 2020.

CVE-2020-10146 is exploitable with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS

CVE-2020-26233 7.3 - High - December 08, 2020

Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, Git will first clone the top-level repository and then recursively clone all submodules by starting new Git processes from the top-level working directory. If a malicious git.exe executable is present in the top-level repository then this binary will be started by Git Credential Manager Core when attempting to read configuration, and not git.exe as found on the %PATH%. This only affects GCM Core on Windows, not macOS or Linux-based distributions. GCM Core version 2.0.289 contains the fix for this vulnerability, and is available from the project's GitHub releases page. GCM Core 2.0.289 is also bundled in the latest Git for Windows release; version 2.29.2(3). As a workaround, users should avoid recursively cloning untrusted repositories with the --recurse-submodules option.

CVE-2020-26233 can be exploited with network access, requires user interaction and user privileges. This vulnerability is considered to have a high level of attack complexity. It has an exploitability score of 1.0 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Use of Incorrectly-Resolved Name or Reference

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique

CVE-2020-17019 7.8 - High - November 11, 2020

Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17064, CVE-2020-17065, CVE-2020-17066.

CVE-2020-17019 can be exploited with local system access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Double-free

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique

CVE-2020-17066 7.8 - High - November 11, 2020

Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17019, CVE-2020-17064, CVE-2020-17065.

CVE-2020-17066 is exploitable with local system access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

WebP Image Extensions Information Disclosure Vulnerability

CVE-2020-17102 5.5 - Medium - November 11, 2020

WebP Image Extensions Information Disclosure Vulnerability

CVE-2020-17102 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Microsoft Office Online Spoofing Vulnerability

CVE-2020-17063 5.4 - Medium - November 11, 2020

Microsoft Office Online Spoofing Vulnerability

CVE-2020-17063 can be exploited with network access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Improper Input Validation

HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique

CVE-2020-17109 7.8 - High - November 11, 2020

HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17106, CVE-2020-17107, CVE-2020-17108, CVE-2020-17110.

CVE-2020-17109 can be exploited with local system access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique

CVE-2020-17078 9.8 - Critical - November 11, 2020

Raw Image Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17079, CVE-2020-17082, CVE-2020-17086.

CVE-2020-17078 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical, as this vulnerability has a high impact on the confidentiality, integrity and availability of this component.

Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2020-17044 7.8 - High - November 11, 2020

Windows Remote Access Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17055.

CVE-2020-17044 is exploitable with local system access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique

CVE-2020-17048 8.1 - High - November 11, 2020

Chakra Scripting Engine Memory Corruption Vulnerability. This CVE ID is unique from CVE-2020-17054.

CVE-2020-17048 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a high level of attack complexity. It has an exploitability score of 2.2 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Windows Graphics Component Information Disclosure Vulnerability

CVE-2020-17004 5.5 - Medium - November 11, 2020

Windows Graphics Component Information Disclosure Vulnerability

CVE-2020-17004 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2020-17027 7.8 - High - November 11, 2020

Windows Remote Access Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.

CVE-2020-17027 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Bind Filter Driver Elevation of Privilege Vulnerability

CVE-2020-17012 7.8 - High - November 11, 2020

Windows Bind Filter Driver Elevation of Privilege Vulnerability

CVE-2020-17012 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Kernel Elevation of Privilege Vulnerability

CVE-2020-17035 7.8 - High - November 11, 2020

Windows Kernel Elevation of Privilege Vulnerability

CVE-2020-17035 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Azure Sphere Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2020-16981 6.2 - Medium - November 11, 2020

Azure Sphere Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2020-16988, CVE-2020-16989, CVE-2020-16992, CVE-2020-16993.

CVE-2020-16981 can be exploited with physical access, and requires user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 0.3 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Windows Delivery Optimization Information Disclosure Vulnerability

CVE-2020-17071 5.5 - Medium - November 11, 2020

Windows Delivery Optimization Information Disclosure Vulnerability

CVE-2020-17071 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Windows Network File System Remote Code Execution Vulnerability

CVE-2020-17051 9.8 - Critical - November 11, 2020

Windows Network File System Remote Code Execution Vulnerability

CVE-2020-17051 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical, as this vulnerability has a high impact on the confidentiality, integrity and availability of this component.

Azure Sphere Elevation of Privilege Vulnerability This CVE ID is unique

CVE-2020-16989 6.2 - Medium - November 11, 2020

Azure Sphere Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2020-16981, CVE-2020-16988, CVE-2020-16992, CVE-2020-16993.

CVE-2020-16989 can be exploited with physical access, and requires user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 0.3 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8