Show filters

Showing topic results for "":

(1-10 of 25579)

Sort by:
Attacker Value
Very High

CVE-2020-0601, aka NSACrypt

Disclosure Date: January 14, 2020 (last updated July 24, 2020)
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
Attacker Value
Very High

CVE-2020-15999 Chrome Freetype 0day

Disclosure Date: November 03, 2020 (last updated November 05, 2020)
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Attacker Value
Very High

CVE-2020-16952 — Microsoft SharePoint Remote Code Execution Vulnerabilities

Disclosure Date: October 16, 2020 (last updated October 22, 2020)
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16951.
Attacker Value
Very High

CVE-2020-6418

Disclosure Date: February 27, 2020 (last updated July 30, 2020)
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Attacker Value
Very High

CVE-2020-9691

Disclosure Date: July 29, 2020 (last updated July 30, 2020)
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution.
Attacker Value
Low

ADV200006 - Type 1 Font Parsing Remote Code Execution Vulnerability in Windows

Disclosure Date: April 15, 2020 (last updated September 02, 2020)
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1020.
Attacker Value
Very High

CVE-2020-9496

Disclosure Date: July 15, 2020 (last updated August 28, 2020)
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
Attacker Value
High

CVE-2020-1147

Disclosure Date: July 14, 2020 (last updated August 28, 2020)
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
Attacker Value
Moderate

CVE-2020-0674

Disclosure Date: February 11, 2020 (last updated September 11, 2020)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
Attacker Value
High

CVE-2020-1380

Disclosure Date: August 17, 2020 (last updated August 28, 2020)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1555, CVE-2020-1570.