Microsoft Microsoft Makers of the Windows Operating System and hundreds of products that run on it.

  1. Vendors
  2. Microsoft
stack.watch can notify you when security vulnerabilities are reported in any Microsoft product. You can add multiple products that you use with Microsoft to create your own personal software stack watcher.

Products by Microsoft Sorted by Most Security Vulnerabilities since 2018

Microsoft Windows 101380 vulnerabilities

Microsoft Windows Server 20161350 vulnerabilities

Microsoft Windows Server 20191116 vulnerabilities

Microsoft Windows Server 2012860 vulnerabilities

Microsoft Windows 8.1853 vulnerabilities

Microsoft Windows 7817 vulnerabilities

Microsoft Windows Rt 8 1810 vulnerabilities

Microsoft Windows Server 2008799 vulnerabilities

Microsoft ChakraCore180 vulnerabilities
ChakraCore is the core part of the Chakra JavaScript engine that powers Microsoft Edge

Microsoft Office177 vulnerabilities

Microsoft Sharepoint Enterprise Server163 vulnerabilities

Microsoft Sharepoint Server148 vulnerabilities

Microsoft Sharepoint Foundation95 vulnerabilities

Microsoft Office 365 Proplus83 vulnerabilities

Microsoft Excel51 vulnerabilities
Spreadsheet Software

Microsoft Word44 vulnerabilities

Microsoft Visual Studio 201737 vulnerabilities

Microsoft Office Compatibility Pack36 vulnerabilities

Microsoft Office Online Server36 vulnerabilities

Microsoft Windows Server36 vulnerabilities

Microsoft Visual Studio 201931 vulnerabilities

Microsoft Exchange Server31 vulnerabilities

Microsoft Office Web Apps24 vulnerabilities

Microsoft Edge Browser23 vulnerabilities
Web Browser based on Chromium

Microsoft Outlook22 vulnerabilities

Microsoft Azure Devops Server22 vulnerabilities

Microsoft ASP.NET Core21 vulnerabilities

Microsoft Team Foundation Server21 vulnerabilities

Microsoft Visual Studio17 vulnerabilities
Developer IDE

Microsoft Project Server16 vulnerabilities

Microsoft .NET Core15 vulnerabilities

Microsoft Powershell Core14 vulnerabilities

Microsoft Excel Viewer14 vulnerabilities

Microsoft Dynamics 36514 vulnerabilities

Microsoft Internet Explorer (IE)8 vulnerabilities
Popular web browser for windows

Microsoft Onedrive8 vulnerabilities

Microsoft Forefront Endpoint Protection 20107 vulnerabilities

Microsoft Visual Studio Code7 vulnerabilities

Microsoft Office For Mac7 vulnerabilities

Microsoft Office Word Viewer7 vulnerabilities

Microsoft Skype For Business7 vulnerabilities

Microsoft Security Essentials7 vulnerabilities

Microsoft Office Web Apps Server6 vulnerabilities

Microsoft Windows Vista6 vulnerabilities

Microsoft Lync6 vulnerabilities

Microsoft Powerpoint Viewer5 vulnerabilities

Microsoft Windows Server 18035 vulnerabilities

Microsoft Sql Server Management Studio5 vulnerabilities

Microsoft Excel 2013 Rt5 vulnerabilities

Microsoft Office 3655 vulnerabilities

Microsoft Powerpoint5 vulnerabilities

Microsoft Windows 85 vulnerabilities

Microsoft System Center Endpoint Protection4 vulnerabilities

Microsoft Outlook Rt4 vulnerabilities

Microsoft Dynamics Nav4 vulnerabilities

Microsoft Visual Studio 20154 vulnerabilities

Microsoft Java Software Development Kit4 vulnerabilities

Microsoft Access4 vulnerabilities

Microsoft Project4 vulnerabilities

Microsoft Open Enclave Software Development Kit3 vulnerabilities

Microsoft System Center Endpoint Protection 20123 vulnerabilities

Microsoft SQL Server3 vulnerabilities
Database Server

Microsoft Word Automation Services3 vulnerabilities

Microsoft Sharepoint Enterprise Server 20163 vulnerabilities

Microsoft Business Productivity Servers3 vulnerabilities

Microsoft 365 Apps3 vulnerabilities

Microsoft Word Viewer3 vulnerabilities

Microsoft Windows Xp3 vulnerabilities

Microsoft Dynamics 365 Business Central3 vulnerabilities

Microsoft Windows Server 17092 vulnerabilities

Microsoft Dynamics 365 Server2 vulnerabilities

Microsoft Nuget2 vulnerabilities

Microsoft Lync Basic2 vulnerabilities

Microsoft Excel 20072 vulnerabilities

Microsoft Research Javascript Cryptography Library2 vulnerabilities

Microsoft Sharepoint Enterprise Server 20132 vulnerabilities

Microsoft Windows Rt2 vulnerabilities

Microsoft Excel 20102 vulnerabilities

Microsoft Skype2 vulnerabilities

Microsoft Csharp Software Development Kit2 vulnerabilities

Microsoft Windows Server 20032 vulnerabilities

Microsoft Windows2 vulnerabilities

Microsoft Lync Server2 vulnerabilities

Microsoft Publisher2 vulnerabilities

Microsoft Power Bi Report Server2 vulnerabilities

Microsoft C Software Development Kit2 vulnerabilities

Microsoft Azure App Service On Azure Stack2 vulnerabilities

Microsoft Skype For Business Basic2 vulnerabilities

Microsoft Yammer2 vulnerabilities

Microsoft Sql Server 2017 Reporting Services1 vulnerability

Microsoft Windows Host Compute Service Shim1 vulnerability

Microsoft Asp Net Webpages1 vulnerability

Microsoft Windows 10 Mobile1 vulnerability

Microsoft Wireless Keyboard 8501 vulnerability

Microsoft Data Odata1 vulnerability

Microsoft Remote Desktop Connection Manager1 vulnerability

Microsoft Azure Automation1 vulnerability

Microsoft Infopath1 vulnerability

Microsoft Active Directory Authentication Library1 vulnerability

Microsoft Excel Services1 vulnerability

@msftsecurity Tweets

Some insider threats are accidents, and some are malicious, but both leave your company's sensitive data vulnerable… https://t.co/DkAkYM0yhk
Fri Oct 23 17:00:03 +0000 2020

Enhancing your cybersecurity is an important step in building resilience. Learn how to empower your security team a… https://t.co/O2GSKm2LNT
Fri Oct 23 00:00:00 +0000 2020

.@FrostBank has its customers’ backs. Read about how they help ensure compliance with multiple regulations by using… https://t.co/KA63kc4eaf
Thu Oct 22 18:00:33 +0000 2020

How are you responding to the increasing focus on IoT devices? Comment below. ⬇️ https://t.co/9muKIBbCjf… https://t.co/BZaqSW0uB5
Thu Oct 22 17:00:03 +0000 2020

Stop data leaks and insider attacks. Learn about the new Insider Risk Management solution within #Microsoft365: https://t.co/LBWXHIVanM
Thu Oct 22 12:30:00 +0000 2020

By the Year

In 2020 there have been 931 vulnerabilities in Microsoft with an average score of 7.4 out of ten. Last year Microsoft had 759 security vulnerabilities published. That is, 172 more vulnerabilities have already been reported in 2020 as compared to last year. However, the average CVE base score of the vulnerabilities in 2020 is greater by 0.15.

Year Vulnerabilities Average Score
2020 931 7.37
2019 759 7.23
2018 576 6.89

It may take a day or so for new Microsoft vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Microsoft Security Vulnerabilities

A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.The ASP.NET Core cookie parser decodes entire cookie strings which could

CVE-2020-1045 7.5 - High - September 11, 2020

A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names., aka 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'.

CVE-2020-1045 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

A remote code execution vulnerability exists in the way

CVE-2020-1057 8.1 - High - September 11, 2020

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1172, CVE-2020-1180.

CVE-2020-1057 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 2.2 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

A remote code execution vulnerability exists in the way

CVE-2020-1172 7.5 - High - September 11, 2020

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1057, CVE-2020-1180.

CVE-2020-1172 is exploitable with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 1.6 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

A remote code execution vulnerability exists in the way

CVE-2020-1180 7.5 - High - September 11, 2020

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1057, CVE-2020-1172.

CVE-2020-1180 is exploitable with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 1.6 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

A remote code execution vulnerability exists in the way

CVE-2020-0878 7.5 - High - September 11, 2020

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.

CVE-2020-0878 is exploitable with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 1.6 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server

CVE-2020-16860 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka 'Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16862.

CVE-2020-16860 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Input Validation

A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server

CVE-2020-16862 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka 'Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16860.

CVE-2020-16862 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Input Validation

A remote code execution vulnerability exists in the way

CVE-2020-16884 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory, aka 'Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability'.

CVE-2020-16884 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-1332 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1193, CVE-2020-1335, CVE-2020-1594.

CVE-2020-1332 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-1335 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1193, CVE-2020-1332, CVE-2020-1594.

CVE-2020-1335 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-1594 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1193, CVE-2020-1332, CVE-2020-1335.

CVE-2020-1594 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory

CVE-2020-1224 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.

CVE-2020-1224 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory

CVE-2020-1193 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1332, CVE-2020-1335, CVE-2020-1594.

CVE-2020-1193 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory

CVE-2020-1218 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1338.

CVE-2020-1218 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Control of Generation of Code ('Code Injection')

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory

CVE-2020-1338 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1218.

CVE-2020-1338 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Control of Generation of Code ('Code Injection')

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable

CVE-2020-16855 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'.

CVE-2020-16855 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Out-of-bounds Read

An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links

CVE-2020-16851 7.1 - High - September 11, 2020

An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16852, CVE-2020-16853.

CVE-2020-16851 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity and availability.

insecure temporary file

An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links

CVE-2020-16852 7.1 - High - September 11, 2020

An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16851, CVE-2020-16853.

CVE-2020-16852 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity and availability.

Improper Privilege Management

An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links

CVE-2020-16853 7.1 - High - September 11, 2020

An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16851, CVE-2020-16852.

CVE-2020-16853 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

insecure temporary file

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package

CVE-2020-1210 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595.

CVE-2020-1210 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Download of Code Without Integrity Check

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package

CVE-2020-1452 8.6 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595.

CVE-2020-1452 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a high impact on integrity, and a small impact on availability.

Download of Code Without Integrity Check

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package

CVE-2020-1453 8.6 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1576, CVE-2020-1595.

CVE-2020-1453 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a high impact on integrity, and a small impact on availability.

Download of Code Without Integrity Check

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package

CVE-2020-1576 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1595.

CVE-2020-1576 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Download of Code Without Integrity Check

A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected

CVE-2020-1595 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576.

CVE-2020-1595 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Download of Code Without Integrity Check

A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data

CVE-2020-1440 4.3 - Medium - September 11, 2020

A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka 'Microsoft SharePoint Server Tampering Vulnerability'. This CVE ID is unique from CVE-2020-1523.

CVE-2020-1440 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Improper Input Validation

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls

CVE-2020-1460 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.

CVE-2020-1460 is exploitable with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server

CVE-2020-1198 6.1 - Medium - September 11, 2020

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575.

CVE-2020-1198 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package

CVE-2020-1200 8.6 - High - September 11, 2020

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595.

CVE-2020-1200 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a high impact on integrity, and a small impact on availability.

Download of Code Without Integrity Check

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server

CVE-2020-1227 5.4 - Medium - September 11, 2020

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575.

CVE-2020-1227 can be explotited with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server

CVE-2020-1345 6.1 - Medium - September 11, 2020

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575.

CVE-2020-1345 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server

CVE-2020-1482 6.1 - Medium - September 11, 2020

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1345, CVE-2020-1514, CVE-2020-1575.

CVE-2020-1482 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server

CVE-2020-1514 5.4 - Medium - September 11, 2020

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1575.

CVE-2020-1514 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server

CVE-2020-1205 4.6 - Medium - September 11, 2020

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.

CVE-2020-1205 can be explotited with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.1 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Improper Input Validation

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server

CVE-2020-1575 5.4 - Medium - September 11, 2020

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514.

CVE-2020-1575 can be explotited with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data

CVE-2020-1523 4.3 - Medium - September 11, 2020

A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka 'Microsoft SharePoint Server Tampering Vulnerability'. This CVE ID is unique from CVE-2020-1440.

CVE-2020-1523 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory

CVE-2020-16874 7.8 - High - September 11, 2020

A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka 'Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16856.

CVE-2020-16874 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Control of Generation of Code ('Code Injection')

A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory

CVE-2020-16856 7.8 - High - September 11, 2020

A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka 'Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16874.

CVE-2020-16856 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations

CVE-2020-1130 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1133.

CVE-2020-1130 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations

CVE-2020-1133 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1130.

CVE-2020-1133 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file

CVE-2020-16881 7.8 - High - September 11, 2020

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file, aka 'Visual Studio JSON Remote Code Execution Vulnerability'.

CVE-2020-16881 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Input Validation

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory

CVE-2020-1091 6.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1097.

CVE-2020-1091 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Improper Control of Dynamically-Managed Code Resources

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory

CVE-2020-1097 6.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1091.

CVE-2020-1097 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Improper Control of Dynamically-Managed Code Resources

An elevation of privilege vulnerability exists in the way

CVE-2020-1034 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

CVE-2020-1034 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory

CVE-2020-1038 5.5 - Medium - September 11, 2020

A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory, aka 'Windows Routing Utilities Denial of Service'.

CVE-2020-1038 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory

CVE-2020-1039 7.8 - High - September 11, 2020

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1074.

CVE-2020-1039 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An elevation of privilege vulnerability exists in the way

CVE-2020-1052 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1159, CVE-2020-1376.

CVE-2020-1052 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory

CVE-2020-1053 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1308.

CVE-2020-1053 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory

CVE-2020-1115 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.

CVE-2020-1115 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory

CVE-2020-1074 7.8 - High - September 11, 2020

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1039.

CVE-2020-1074 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory

CVE-2020-1083 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0921.

CVE-2020-1083 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

An information disclosure vulnerability exists in the way

CVE-2020-1031 7.5 - High - September 11, 2020

An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory.To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to an affected DHCP server, aka 'Windows DHCP Server Information Disclosure Vulnerability'.

CVE-2020-1031 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys

CVE-2020-1152 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka 'Windows Win32k Elevation of Privilege Vulnerability'.

CVE-2020-1152 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory

CVE-2020-1245 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

CVE-2020-1245 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates

CVE-2020-1013 8.1 - High - September 11, 2020

An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates, aka 'Group Policy Elevation of Privilege Vulnerability'.

CVE-2020-1013 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 2.2 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly

CVE-2020-1030 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'.

CVE-2020-1030 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects

CVE-2020-1471 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects, aka 'Windows CloudExperienceHost Elevation of Privilege Vulnerability'.

CVE-2020-1471 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists in the way

CVE-2020-1491 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'.

CVE-2020-1491 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects

CVE-2020-1508 8.8 - High - September 11, 2020

A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects, aka 'Windows Media Audio Decoder Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1593.

CVE-2020-1508 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Control of Generation of Code ('Code Injection')

An information disclosure vulnerability exists when the win32k component improperly provides kernel information

CVE-2020-1250 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0941.

CVE-2020-1250 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

A remote code execution vulnerability exists when Windows improperly handles objects in memory

CVE-2020-1252 7.8 - High - September 11, 2020

A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'.

CVE-2020-1252 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory

CVE-2020-1256 6.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

CVE-2020-1256 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

A remote code execution vulnerability exists in the way

CVE-2020-1285 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.

CVE-2020-1285 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory

CVE-2020-1308 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1053.

CVE-2020-1308 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A remote code execution vulnerability exists in the way

CVE-2020-1319 7.8 - High - September 11, 2020

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1129.

CVE-2020-1319 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An elevation of privilege vulnerability exists in the way

CVE-2020-1376 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1052, CVE-2020-1159.

CVE-2020-1376 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory

CVE-2020-0914 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Information Disclosure Vulnerability'.

CVE-2020-0914 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

An information disclosure vulnerability exists when the win32k component improperly provides kernel information

CVE-2020-0941 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1250.

CVE-2020-0941 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory

CVE-2020-0998 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'.

CVE-2020-0998 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory

CVE-2020-16854 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1589, CVE-2020-1592.

CVE-2020-16854 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory

CVE-2020-0997 7.8 - High - September 11, 2020

A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka 'Windows Camera Codec Pack Remote Code Execution Vulnerability'.

CVE-2020-0997 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations

CVE-2020-0886 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka 'Windows Storage Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1559.

CVE-2020-0886 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory

CVE-2020-0782 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory, aka 'Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability'.

CVE-2020-0782 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A remote code execution vulnerability exists in the way

CVE-2020-0922 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory, aka 'Microsoft COM for Windows Remote Code Execution Vulnerability'.

CVE-2020-0922 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls

CVE-2020-0790 7.8 - High - September 11, 2020

A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.

CVE-2020-0790 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when NTFS improperly checks access

CVE-2020-0838 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when NTFS improperly checks access, aka 'NTFS Elevation of Privilege Vulnerability'.

CVE-2020-0838 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists in the way

CVE-2020-0839 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka 'Windows dnsrslvr.dll Elevation of Privilege Vulnerability'.

CVE-2020-0839 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

An information disclosure vulnerability exists in how splwow64.exe handles certain calls

CVE-2020-0875 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Information Disclosure Vulnerability'.

CVE-2020-0875 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory

CVE-2020-0911 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory, aka 'Windows Modules Installer Elevation of Privilege Vulnerability'.

CVE-2020-0911 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.To exploit this vulnerability, an attacker

CVE-2020-0912 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability'.

CVE-2020-0912 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory

CVE-2020-0921 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1083.

CVE-2020-0921 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations

CVE-2020-1559 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka 'Windows Storage Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0886.

CVE-2020-1559 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory

CVE-2020-1589 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1592, CVE-2020-16854.

CVE-2020-1589 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects

CVE-2020-1593 8.8 - High - September 11, 2020

A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects, aka 'Windows Media Audio Decoder Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1508.

CVE-2020-1593 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory

CVE-2020-1598 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.

CVE-2020-1598 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A information disclosure vulnerability exists when TLS components use weak hash algorithms

CVE-2020-1596 5.3 - Medium - September 11, 2020

A information disclosure vulnerability exists when TLS components use weak hash algorithms, aka 'TLS Information Disclosure Vulnerability'.

Use of a Broken or Risky Cryptographic Algorithm

A remote code execution vulnerability exists in the way

CVE-2020-1129 8.8 - High - September 11, 2020

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1319.

CVE-2020-1129 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker

CVE-2020-1146 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0766.

CVE-2020-1146 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory

CVE-2020-0908 7.5 - High - September 11, 2020

A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory, aka 'Windows Text Service Module Remote Code Execution Vulnerability'.

CVE-2020-0908 is exploitable with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 1.6 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Memory Corruption

A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could

CVE-2020-0951 6.7 - Medium - September 11, 2020

A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'.

CVE-2020-0951 can be explotited with local system access, and requires user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 0.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Incorrect Permission Assignment for Critical Resource

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data

CVE-2020-0904 6.5 - Medium - September 11, 2020

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0890.

CVE-2020-0904 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.0 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Incorrect Permission Assignment for Critical Resource

A spoofing vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests.To exploit this vulnerability

CVE-2020-0837 5.3 - Medium - September 11, 2020

A spoofing vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'ADFS Spoofing Vulnerability'.

CVE-2020-0837 can be explotited with network access, and requires small amount of user privledges. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 1.6 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

authentification

An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory.To exploit this vulnerability, an attacker

CVE-2020-0648 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows RSoP Service Application Elevation of Privilege Vulnerability'.

CVE-2020-0648 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker

CVE-2020-0766 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1146.

CVE-2020-0766 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory

CVE-2020-0870 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory, aka 'Shell infrastructure component Elevation of Privilege Vulnerability'.

CVE-2020-0870 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions

CVE-2020-0989 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability'.

CVE-2020-0989 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

AuthZ

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory

CVE-2020-1033 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1589, CVE-2020-1592, CVE-2020-16854.

CVE-2020-1033 can be explotited with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory

CVE-2020-1169 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1303.

CVE-2020-1169 can be explotited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Privilege Management

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory

CVE-2020-0928 5.5 - Medium - September 11, 2020

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1033, CVE-2020-1589, CVE-2020-1592, CVE-2020-16854.

CVE-2020-0928 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations

CVE-2020-1122 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka 'Windows Language Pack Installer Elevation of Privilege Vulnerability'.

CVE-2020-1122 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Check for Unusual or Exceptional Conditions

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data

CVE-2020-0890 6.5 - Medium - September 11, 2020

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0904.

CVE-2020-0890 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.0 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Improper Privilege Management

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8