Microsoft Makers of the Windows Operating System and hundreds of products that run on it.
Products by Microsoft Sorted by Most Security Vulnerabilities since 2018
Microsoft ChakraCore: 183 vulnerabilities
ChakraCore is the core part of the Chakra JavaScript engine that powers Microsoft Edge
By the Year
In 2021 there have been 25 vulnerabilities in Microsoft with an average score of 7.4 out of ten. Last year Microsoft had 1187 security vulnerabilities published. Right now, Microsoft is on track to have fewer security vulnerabilities in 2021 than it did last year. However, the average CVE base score of the vulnerabilities in 2021 is greater by 0.01.
Year | Vulnerabilities | Average Score |
---|---|---|
2021 | 25 | 7.37 |
2020 | 1187 | 7.36 |
2019 | 759 | 7.23 |
2018 | 576 | 6.89 |
It may take a day or so for new Microsoft vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.
Latest Microsoft Security Vulnerabilities
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-1642
7.8 - High
- January 12, 2021
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1685.
CVE-2021-1642 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Microsoft SQL Elevation of Privilege Vulnerability
CVE-2021-1636
8.8 - High
- January 12, 2021
Microsoft SQL Elevation of Privilege Vulnerability
CVE-2021-1636 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Microsoft SharePoint Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-1712
8 - High
- January 12, 2021
Microsoft SharePoint Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1719.
CVE-2021-1712 is exploitable with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.1 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique
CVE-2021-1717
5.4 - Medium
- January 12, 2021
Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-1641.
CVE-2021-1717 can be exploited with network access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be a small impact on confidentiality and integrity, and no impact on availability.
Improper Input Validation
Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique
CVE-2021-1641
5.4 - Medium
- January 12, 2021
Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-1717.
CVE-2021-1641 can be exploited with network access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be a small impact on confidentiality and integrity, and no impact on availability.
Improper Input Validation
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-1653
7.8 - High
- January 12, 2021
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.
CVE-2021-1653 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1713
7.8 - High
- January 12, 2021
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1714.
CVE-2021-1713 can be exploited with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Memory Corruption
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1714
7.8 - High
- January 12, 2021
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1713.
CVE-2021-1714 is exploitable with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Microsoft Word Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1715
7.8 - High
- January 12, 2021
Microsoft Word Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1716.
CVE-2021-1715 can be exploited with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Out-of-bounds Write
Microsoft Word Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1716
7.8 - High
- January 12, 2021
Microsoft Word Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1715.
CVE-2021-1716 is exploitable with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1644
7.8 - High
- January 12, 2021
HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1643.
CVE-2021-1644 is exploitable with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-1655
7.8 - High
- January 12, 2021
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.
CVE-2021-1655 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique
CVE-2021-1638
5.5 - Medium
- January 12, 2021
Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-1683, CVE-2021-1684.
CVE-2021-1638 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be a high impact on confidentiality, with no impact on integrity and availability.
AuthZ
Windows Docker Information Disclosure Vulnerability
CVE-2021-1645
5.5 - Medium
- January 12, 2021
Windows Docker Information Disclosure Vulnerability
CVE-2021-1645 can be exploited with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be a high impact on confidentiality, with no impact on integrity and availability.
Microsoft splwow64 Elevation of Privilege Vulnerability
CVE-2021-1648
7.8 - High
- January 12, 2021
Microsoft splwow64 Elevation of Privilege Vulnerability
CVE-2021-1648 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-1654
7.8 - High
- January 12, 2021
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.
CVE-2021-1654 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Microsoft Defender Remote Code Execution Vulnerability
CVE-2021-1647
7.8 - High
- January 12, 2021
Microsoft Defender Remote Code Execution Vulnerability
CVE-2021-1647 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Windows Fax Compose Form Remote Code Execution Vulnerability
CVE-2021-1657
7.8 - High
- January 12, 2021
Windows Fax Compose Form Remote Code Execution Vulnerability
CVE-2021-1657 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
ASP.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2021-1723
7.5 - High
- January 12, 2021
ASP.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2021-1723 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be no impact on confidentiality and integrity, and a high impact on availability.
HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique
CVE-2021-1643
7.8 - High
- January 12, 2021
HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1644.
CVE-2021-1643 can be exploited with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Active Template Library Elevation of Privilege Vulnerability
CVE-2021-1649
7.8 - High
- January 12, 2021
Active Template Library Elevation of Privilege Vulnerability
CVE-2021-1649 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
CVE-2021-1650
7.8 - High
- January 12, 2021
Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
CVE-2021-1650 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2021-1652
7.8 - High
- January 12, 2021
Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.
CVE-2021-1652 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows WLAN Service Elevation of Privilege Vulnerability
CVE-2021-1646
7.8 - High
- January 12, 2021
Windows WLAN Service Elevation of Privilege Vulnerability
CVE-2021-1646 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows DNS Query Information Disclosure Vulnerability
CVE-2021-1637
5.5 - Medium
- January 12, 2021
Windows DNS Query Information Disclosure Vulnerability
CVE-2021-1637 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be a high impact on confidentiality, with no impact on integrity and availability.
, aka 'Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability'
CVE-2020-17158
8.8 - High
- December 10, 2020
, aka 'Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17152.
CVE-2020-17158 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Control of Generation of Code ('Code Injection')
, aka 'Microsoft Edge for Android Spoofing Vulnerability'.
CVE-2020-17153
6.1 - Medium
- December 10, 2020
, aka 'Microsoft Edge for Android Spoofing Vulnerability'.
CVE-2020-17153 can be exploited with network access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be a small impact on confidentiality and integrity, and no impact on availability.
Improper Input Validation
, aka 'Microsoft Exchange Remote Code Execution Vulnerability'
CVE-2020-17132
9.1 - Critical
- December 10, 2020
, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17117, CVE-2020-17141, CVE-2020-17142, CVE-2020-17144.
CVE-2020-17132 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to be critical, as this vulnerability has a high impact on the confidentiality, integrity and availability of this component.
Improper Control of Generation of Code ('Code Injection')
, aka 'Kerberos Security Feature Bypass Vulnerability'.
CVE-2020-16996
6.5 - Medium
- December 10, 2020
, aka 'Kerberos Security Feature Bypass Vulnerability'.
CVE-2020-16996 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be no impact on confidentiality, a high impact on integrity, and no impact on availability.
, aka 'Windows Digital Media Receiver Elevation of Privilege Vulnerability'.
CVE-2020-17097
7.8 - High
- December 10, 2020
, aka 'Windows Digital Media Receiver Elevation of Privilege Vulnerability'.
CVE-2020-17097 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.
CVE-2020-17120
6.5 - Medium
- December 10, 2020
, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.
CVE-2020-17120 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be a high impact on confidentiality, with no impact on integrity and availability.
, aka 'Hyper-V Remote Code Execution Vulnerability'.
CVE-2020-17095
9.9 - Critical
- December 10, 2020
, aka 'Hyper-V Remote Code Execution Vulnerability'.
CVE-2020-17095 can be exploited with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 3.1 out of four. The potential impact of an exploit of this vulnerability is considered to be critical, as this vulnerability has a high impact on the confidentiality, integrity and availability of this component.
, aka 'Microsoft Exchange Information Disclosure Vulnerability'.
CVE-2020-17143
8.8 - High
- December 10, 2020
, aka 'Microsoft Exchange Information Disclosure Vulnerability'.
CVE-2020-17143 can be exploited with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Information Leak
, aka 'Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability'.
CVE-2020-17148
7.8 - High
- December 10, 2020
, aka 'Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability'.
CVE-2020-17148 is exploitable with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Control of Generation of Code ('Code Injection')
, aka 'Azure DevOps Server Spoofing Vulnerability'.
CVE-2020-17135
5.4 - Medium
- December 10, 2020
, aka 'Azure DevOps Server Spoofing Vulnerability'.
CVE-2020-17135 can be exploited with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to be a small impact on confidentiality and integrity, and no impact on availability.
Improper Input Validation
, aka 'Microsoft Exchange Remote Code Execution Vulnerability'
CVE-2020-17144
8.4 - High
- December 10, 2020
, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142.
CVE-2020-17144 is exploitable with network access, and requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.7 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Control of Generation of Code ('Code Injection')
, aka 'Visual Studio Remote Code Execution Vulnerability'.
CVE-2020-17156
7.8 - High
- December 10, 2020
, aka 'Visual Studio Remote Code Execution Vulnerability'.
CVE-2020-17156 is exploitable with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Control of Generation of Code ('Code Injection')
, aka 'Microsoft Excel Remote Code Execution Vulnerability'
CVE-2020-17127
7.8 - High
- December 10, 2020
, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17128, CVE-2020-17129.
CVE-2020-17127 can be exploited with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
, aka 'Microsoft Exchange Remote Code Execution Vulnerability'
CVE-2020-17142
9.1 - Critical
- December 10, 2020
, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17144.
CVE-2020-17142 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to be critical, as this vulnerability has a high impact on the confidentiality, integrity and availability of this component.
Improper Control of Generation of Code ('Code Injection')
, aka 'Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability'.
CVE-2020-17159
7.8 - High
- December 10, 2020
, aka 'Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability'.
CVE-2020-17159 can be exploited with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Control of Generation of Code ('Code Injection')
, aka 'Microsoft SharePoint Spoofing Vulnerability'.
CVE-2020-17115
8 - High
- December 10, 2020
, aka 'Microsoft SharePoint Spoofing Vulnerability'.
CVE-2020-17115 can be exploited with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.1 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Input Validation
, aka 'Windows GDI+ Information Disclosure Vulnerability'.
CVE-2020-17098
5.5 - Medium
- December 10, 2020
, aka 'Windows GDI+ Information Disclosure Vulnerability'.
CVE-2020-17098 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be a high impact on confidentiality, with no impact on integrity and availability.
, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'
CVE-2020-17118
9.8 - Critical
- December 10, 2020
, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17121.
CVE-2020-17118 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical, as this vulnerability has a high impact on the confidentiality, integrity and availability of this component.
, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'
CVE-2020-16963
7.8 - High
- December 10, 2020
, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16964.
CVE-2020-16963 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
, aka 'Azure DevOps Server and Team Foundation Services Spoofing Vulnerability'.
CVE-2020-17145
5.4 - Medium
- December 10, 2020
, aka 'Azure DevOps Server and Team Foundation Services Spoofing Vulnerability'.
CVE-2020-17145 can be exploited with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to be a small impact on confidentiality and integrity, and no impact on availability.
Improper Input Validation
, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'
CVE-2020-17121
8.8 - High
- December 10, 2020
, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17118.
CVE-2020-17121 can be exploited with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.
CVE-2020-17089
8 - High
- December 10, 2020
, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.
CVE-2020-17089 can be exploited with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.1 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
, aka 'Windows Error Reporting Information Disclosure Vulnerability'
CVE-2020-17138
5.5 - Medium
- December 10, 2020
, aka 'Windows Error Reporting Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-17094.
CVE-2020-17138 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be a high impact on confidentiality, with no impact on integrity and availability.
Information Leak
, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'
CVE-2020-16961
7.8 - High
- December 10, 2020
, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.
CVE-2020-16961 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'
CVE-2020-16958
7.8 - High
- December 10, 2020
, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.
CVE-2020-16958 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
, aka 'Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability'
CVE-2020-17136
7.8 - High
- December 10, 2020
, aka 'Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-17103, CVE-2020-17134.
CVE-2020-17136 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
, aka 'Windows Overlay Filter Security Feature Bypass Vulnerability'.
CVE-2020-17139
7.8 - High
- December 10, 2020
, aka 'Windows Overlay Filter Security Feature Bypass Vulnerability'.
CVE-2020-17139 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
, aka 'Microsoft Outlook Information Disclosure Vulnerability'.
CVE-2020-17119
7.5 - High
- December 10, 2020
, aka 'Microsoft Outlook Information Disclosure Vulnerability'.
CVE-2020-17119 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be a high impact on confidentiality, with no impact on integrity and availability.
, aka 'Microsoft Excel Remote Code Execution Vulnerability'
CVE-2020-17123
7.8 - High
- December 10, 2020
, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17122, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129.
CVE-2020-17123 can be exploited with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'.
CVE-2020-17124
7.8 - High
- December 10, 2020
, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'.
CVE-2020-17124 is exploitable with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
, aka 'Microsoft Excel Remote Code Execution Vulnerability'
CVE-2020-17125
7.8 - High
- December 10, 2020
, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129.
CVE-2020-17125 can be exploited with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
, aka 'Microsoft Excel Information Disclosure Vulnerability'.
CVE-2020-17126
5.5 - Medium
- December 10, 2020
, aka 'Microsoft Excel Information Disclosure Vulnerability'.
CVE-2020-17126 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
, aka 'Microsoft Excel Remote Code Execution Vulnerability'
CVE-2020-17128
7.8 - High
- December 10, 2020
, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17129.
CVE-2020-17128 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
, aka 'Microsoft Excel Remote Code Execution Vulnerability'
CVE-2020-17129
7.8 - High
- December 10, 2020
, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128.
CVE-2020-17129 can be exploited with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
, aka 'Microsoft Excel Security Feature Bypass Vulnerability'.
CVE-2020-17130
6.5 - Medium
- December 10, 2020
, aka 'Microsoft Excel Security Feature Bypass Vulnerability'.
CVE-2020-17130 is exploitable with local system access, and requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 0.6 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
, aka 'Visual Studio Code Remote Code Execution Vulnerability'.
CVE-2020-17150
7.8 - High
- December 10, 2020
, aka 'Visual Studio Code Remote Code Execution Vulnerability'.
CVE-2020-17150 is exploitable with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Control of Generation of Code ('Code Injection')
, aka 'Microsoft Exchange Remote Code Execution Vulnerability'
CVE-2020-17141
8.4 - High
- December 10, 2020
, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17117, CVE-2020-17132, CVE-2020-17142, CVE-2020-17144.
CVE-2020-17141 can be exploited with network access, and requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.7 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Control of Generation of Code ('Code Injection')
, aka 'Dynamics CRM Webclient Cross-site Scripting Vulnerability'.
CVE-2020-17147
5.4 - Medium
- December 10, 2020
, aka 'Dynamics CRM Webclient Cross-site Scripting Vulnerability'.
CVE-2020-17147 can be exploited with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
XSS
, aka 'Windows NTFS Remote Code Execution Vulnerability'.
CVE-2020-17096
8.8 - High
- December 10, 2020
, aka 'Windows NTFS Remote Code Execution Vulnerability'.
CVE-2020-17096 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
, aka 'Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability'
CVE-2020-17103
7.8 - High
- December 10, 2020
, aka 'Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-17134, CVE-2020-17136.
CVE-2020-17103 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
, aka 'Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability'
CVE-2020-17152
8.8 - High
- December 10, 2020
, aka 'Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17158.
CVE-2020-17152 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Control of Generation of Code ('Code Injection')
, aka 'Azure SDK for C Security Feature Bypass Vulnerability'.
CVE-2020-17002
9.1 - Critical
- December 10, 2020
, aka 'Azure SDK for C Security Feature Bypass Vulnerability'.
CVE-2020-17002 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
, aka 'Microsoft Excel Remote Code Execution Vulnerability'
CVE-2020-17122
7.8 - High
- December 10, 2020
, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129.
CVE-2020-17122 is exploitable with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
, aka 'Windows SMB Information Disclosure Vulnerability'.
CVE-2020-17140
6.5 - Medium
- December 10, 2020
, aka 'Windows SMB Information Disclosure Vulnerability'.
CVE-2020-17140 is exploitable with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Leak
, aka 'DirectX Graphics Kernel Elevation of Privilege Vulnerability'.
CVE-2020-17137
7.8 - High
- December 10, 2020
, aka 'DirectX Graphics Kernel Elevation of Privilege Vulnerability'.
CVE-2020-17137 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
, aka 'Microsoft Dynamics Business Central/NAV Information Disclosure'.
CVE-2020-17133
6.5 - Medium
- December 10, 2020
, aka 'Microsoft Dynamics Business Central/NAV Information Disclosure'.
CVE-2020-17133 can be exploited with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Information Leak
, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.
CVE-2020-17092
7.8 - High
- December 10, 2020
, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.
CVE-2020-17092 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'
CVE-2020-16964
7.8 - High
- December 10, 2020
, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963.
CVE-2020-16964 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'
CVE-2020-16959
7.8 - High
- December 10, 2020
, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16958, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.
CVE-2020-16959 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
, aka 'Windows Lock Screen Security Feature Bypass Vulnerability'.
CVE-2020-17099
6.8 - Medium
- December 10, 2020
, aka 'Windows Lock Screen Security Feature Bypass Vulnerability'.
CVE-2020-17099 can be exploited with physical access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 0.9 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
, aka 'Microsoft Exchange Remote Code Execution Vulnerability'
CVE-2020-17117
7.2 - High
- December 10, 2020
, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17132, CVE-2020-17141, CVE-2020-17142, CVE-2020-17144.
CVE-2020-17117 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.2 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.
CVE-2020-17131
7.5 - High
- December 10, 2020
, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.
CVE-2020-17131 can be exploited with network access, and requires user interaction. This vulnerability is considered to have a high level of attack complexity. It has an exploitability score of 1.6 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Out-of-bounds Write
, aka 'Azure SDK for Java Security Feature Bypass Vulnerability'.
CVE-2020-16971
9.1 - Critical
- December 10, 2020
, aka 'Azure SDK for Java Security Feature Bypass Vulnerability'.
CVE-2020-16971 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
, aka 'Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability'
CVE-2020-17134
7.8 - High
- December 10, 2020
, aka 'Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-17103, CVE-2020-17136.
CVE-2020-17134 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
, aka 'Windows Error Reporting Information Disclosure Vulnerability'
CVE-2020-17094
5.5 - Medium
- December 10, 2020
, aka 'Windows Error Reporting Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-17138.
CVE-2020-17094 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'
CVE-2020-16960
7.8 - High
- December 10, 2020
, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964.
CVE-2020-16960 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'
CVE-2020-16962
7.8 - High
- December 10, 2020
, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16963, CVE-2020-16964.
CVE-2020-16962 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter
CVE-2020-10146
5.4 - Medium
- December 09, 2020
The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This vulnerability was fixed for all Teams users in the online service on or around October 2020.
CVE-2020-10146 is exploitable with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
XSS
Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS
CVE-2020-26233
7.3 - High
- December 08, 2020
Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, Git will first clone the top-level repository and then recursively clone all submodules by starting new Git processes from the top-level working directory. If a malicious git.exe executable is present in the top-level repository then this binary will be started by Git Credential Manager Core when attempting to read configuration, and not git.exe as found on the %PATH%. This only affects GCM Core on Windows, not macOS or Linux-based distributions. GCM Core version 2.0.289 contains the fix for this vulnerability, and is available from the project's GitHub releases page. GCM Core 2.0.289 is also bundled in the latest Git for Windows release; version 2.29.2(3). As a workaround, users should avoid recursively cloning untrusted repositories with the --recurse-submodules option.
CVE-2020-26233 can be exploited with network access, and requires user interaction and user privileges. This vulnerability is considered to have a high level of attack complexity. It has an exploitability score of 1.0 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Use of Incorrectly-Resolved Name or Reference
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique
CVE-2020-17019
7.8 - High
- November 11, 2020
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17064, CVE-2020-17065, CVE-2020-17066.
CVE-2020-17019 can be exploited with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Double-free
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique
CVE-2020-17066
7.8 - High
- November 11, 2020
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17019, CVE-2020-17064, CVE-2020-17065.
CVE-2020-17066 is exploitable with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
WebP Image Extensions Information Disclosure Vulnerability
CVE-2020-17102
5.5 - Medium
- November 11, 2020
WebP Image Extensions Information Disclosure Vulnerability
CVE-2020-17102 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Microsoft Office Online Spoofing Vulnerability
CVE-2020-17063
5.4 - Medium
- November 11, 2020
Microsoft Office Online Spoofing Vulnerability
CVE-2020-17063 can be exploited with network access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Improper Input Validation
HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique
CVE-2020-17109
7.8 - High
- November 11, 2020
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17106, CVE-2020-17107, CVE-2020-17108, CVE-2020-17110.
CVE-2020-17109 can be exploited with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique
CVE-2020-17078
9.8 - Critical
- November 11, 2020
Raw Image Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17079, CVE-2020-17082, CVE-2020-17086.
CVE-2020-17078 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical, as this vulnerability has a high impact on the confidentiality, integrity and availability of this component.
Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-17044
7.8 - High
- November 11, 2020
Windows Remote Access Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17055.
CVE-2020-17044 is exploitable with local system access, and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique
CVE-2020-17048
8.1 - High
- November 11, 2020
Chakra Scripting Engine Memory Corruption Vulnerability. This CVE ID is unique from CVE-2020-17054.
CVE-2020-17048 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a high level of attack complexity. It has an exploitability score of 2.2 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Windows Graphics Component Information Disclosure Vulnerability
CVE-2020-17004
5.5 - Medium
- November 11, 2020
Windows Graphics Component Information Disclosure Vulnerability
CVE-2020-17004 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-17027
7.8 - High
- November 11, 2020
Windows Remote Access Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055.
CVE-2020-17027 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Bind Filter Driver Elevation of Privilege Vulnerability
CVE-2020-17012
7.8 - High
- November 11, 2020
Windows Bind Filter Driver Elevation of Privilege Vulnerability
CVE-2020-17012 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-17035
7.8 - High
- November 11, 2020
Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-17035 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Azure Sphere Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-16981
6.2 - Medium
- November 11, 2020
Azure Sphere Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2020-16988, CVE-2020-16989, CVE-2020-16992, CVE-2020-16993.
CVE-2020-16981 can be exploited with physical access, and requires user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 0.3 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management
Windows Delivery Optimization Information Disclosure Vulnerability
CVE-2020-17071
5.5 - Medium
- November 11, 2020
Windows Delivery Optimization Information Disclosure Vulnerability
CVE-2020-17071 can be exploited with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Windows Network File System Remote Code Execution Vulnerability
CVE-2020-17051
9.8 - Critical
- November 11, 2020
Windows Network File System Remote Code Execution Vulnerability
CVE-2020-17051 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical, as this vulnerability has a high impact on the confidentiality, integrity and availability of this component.
Azure Sphere Elevation of Privilege Vulnerability This CVE ID is unique
CVE-2020-16989
6.2 - Medium
- November 11, 2020
Azure Sphere Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2020-16981, CVE-2020-16988, CVE-2020-16992, CVE-2020-16993.
CVE-2020-16989 can be exploited with physical access, and requires user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 0.3 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Privilege Management