Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2002-0727

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-02 Apr, 2003 | 05:00
Updated At-08 Aug, 2024 | 02:56
Rejected At-
Credits

The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:02 Apr, 2003 | 05:00
Updated At:08 Aug, 2024 | 02:56
Rejected At:
▼CVE Numbering Authority (CNA)

The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-044
vendor-advisory
x_refsource_MS
http://www.osvdb.org/3006
vdb-entry
x_refsource_OSVDB
http://www.iss.net/security_center/static/8777.php
vdb-entry
x_refsource_XF
http://marc.info/?l=bugtraq&m=101829645415486&w=2
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/4449
vdb-entry
x_refsource_BID
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-044
Resource:
vendor-advisory
x_refsource_MS
Hyperlink: http://www.osvdb.org/3006
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.iss.net/security_center/static/8777.php
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://marc.info/?l=bugtraq&m=101829645415486&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/bid/4449
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-044
vendor-advisory
x_refsource_MS
x_transferred
http://www.osvdb.org/3006
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.iss.net/security_center/static/8777.php
vdb-entry
x_refsource_XF
x_transferred
http://marc.info/?l=bugtraq&m=101829645415486&w=2
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/bid/4449
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-044
Resource:
vendor-advisory
x_refsource_MS
x_transferred
Hyperlink: http://www.osvdb.org/3006
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.iss.net/security_center/static/8777.php
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=101829645415486&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/bid/4449
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:24 Sep, 2002 | 04:00
Updated At:03 Apr, 2025 | 01:03

The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Microsoft Corporation
microsoft
>>office_web_components>>2000
cpe:2.3:a:microsoft:office_web_components:2000:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>office_web_components>>2002
cpe:2.3:a:microsoft:office_web_components:2002:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>project>>2002
cpe:2.3:a:microsoft:project:2002:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://marc.info/?l=bugtraq&m=101829645415486&w=2cve@mitre.org
N/A
http://www.iss.net/security_center/static/8777.phpcve@mitre.org
Patch
Vendor Advisory
http://www.osvdb.org/3006cve@mitre.org
N/A
http://www.securityfocus.com/bid/4449cve@mitre.org
N/A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-044cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=101829645415486&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.iss.net/security_center/static/8777.phpaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.osvdb.org/3006af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/4449af854a3a-2127-422b-91ae-364da2661108
N/A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-044af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://marc.info/?l=bugtraq&m=101829645415486&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.iss.net/security_center/static/8777.php
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.osvdb.org/3006
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/4449
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-044
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=101829645415486&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.iss.net/security_center/static/8777.php
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.osvdb.org/3006
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/4449
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-044
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

758Records found
CVE-2012-2971
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-3.29% / 86.68%
||
7 Day CHG~0.00%
Published-20 Oct, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in CA ARCserve Backup r12.5, r15, and r16 on Windows does not properly process RPC requests, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted request.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windowsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-0657
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-49.70% / 97.73%
||
7 Day CHG~0.00%
Published-13 Apr, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1694
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.76% / 72.35%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 19:42
Updated-08 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Update Stack Elevation of Privilege Vulnerability

Windows Update Stack Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1722
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-1.98% / 82.84%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Fax Service Remote Code Execution Vulnerability

Windows Fax Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2021-29798
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.36% / 57.29%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:10
Updated-17 Sep, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 203734.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-sterling_b2b_integratoraixwindowslinux_kernelSterling B2B Integrator
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-0698
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.72% / 71.54%
||
7 Day CHG~0.00%
Published-14 Feb, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.

Action-Not Available
Vendor-n/aDjangoMicrosoft Corporation
Product-djangowindowsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-3795
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-14.19% / 94.11%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 15:58
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3807
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-30.07% / 96.49%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 17:28
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-33757
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.99% / 75.96%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:53
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability

Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2020-3787
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-10.06% / 92.77%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 20:31
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-photoshop_2020windowsphotoshop_ccmacosAdobe Photoshop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3775
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-24.98% / 95.95%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 20:33
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-photoshop_2020windowsphotoshop_ccmacosAdobe Photoshop
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-31980
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-4.47% / 88.65%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 22:46
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Intune Management Extension Remote Code Execution Vulnerability

Microsoft Intune Management Extension Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-intune_management_extensionIntune management extension
CVE-2020-4879
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.3||HIGH
EPSS-0.91% / 74.81%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 17:20
Updated-16 Sep, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowscognos_controllerCognos Controller
CWE ID-CWE-287
Improper Authentication
CVE-2020-9671
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 63.62%
||
7 Day CHG~0.00%
Published-17 Jul, 2020 | 00:00
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Creative Cloud Desktop Application versions 5.1 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-creative_cloud_desktop_applicationwindowsAdobe Creative Cloud Desktop Application
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-9669
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-1.24% / 78.45%
||
7 Day CHG~0.00%
Published-16 Jul, 2020 | 23:59
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a lack of exploit mitigations vulnerability. Successful exploitation could lead to privilege escalation.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowscreative_cloudAdobe Creative Cloud Desktop Application
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-4693
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.62% / 68.95%
||
7 Day CHG~0.00%
Published-02 Sep, 2020 | 18:25
Updated-17 Sep, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixspectrum_protect_operations_centerwindowslinux_kernelSpectrum Protect Operations Center
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3786
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-10.06% / 92.77%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 20:30
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-photoshop_2020windowsphotoshop_ccmacosAdobe Photoshop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-31914
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 10.79%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 12:11
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.

Action-Not Available
Vendor-n/aMicrosoft CorporationJetBrains s.r.o.
Product-windowsteamcityn/a
CVE-2020-9670
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.33% / 84.21%
||
7 Day CHG~0.00%
Published-16 Jul, 2020 | 23:59
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to privilege escalation.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-creative_cloud_desktop_applicationwindowsAdobe Creative Cloud Desktop Application
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2020-7878
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.34% / 55.84%
||
7 Day CHG~0.00%
Published-28 Dec, 2021 | 19:09
Updated-16 Sep, 2024 | 22:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier versions (CVE-2020-7878). This issue is due to missing support for integrity check.

Action-Not Available
Vendor-4nb4NBMicrosoft Corporation
Product-windowsvideoofficeVideoOffice
CWE ID-CWE-353
Missing Support for Integrity Check
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2020-7808
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-8.7||HIGH
EPSS-0.16% / 37.90%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 18:29
Updated-17 Sep, 2024 | 03:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RAONWIZ Inc K Upload, arguments modiffication via missing support for integrity check vulnerability

In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check on update module(web.js) allows an attacker to modify arguments which causes downloading a random DLL and injection on it.

Action-Not Available
Vendor-RAONWIZ (Laonwiz Co., Ltd.)Microsoft Corporation
Product-windows_7raon_k_uploadwindows_8windows_10K Upload
CWE ID-CWE-353
Missing Support for Integrity Check
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2020-7853
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-5.5||MEDIUM
EPSS-0.34% / 56.07%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:55
Updated-16 Sep, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOBESOFT XPLATFORM Out-of-Bounds Read/Write Vulnerabilities

An outbound read/write vulnerability exists in XPLATFORM that does not check offset input ranges, allowing out-of-range data to be read. An attacker can exploit arbitrary code execution.

Action-Not Available
Vendor-tobesoftTobesoftMicrosoft Corporation
Product-windowsxplatformXplatform
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-7812
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.46% / 63.32%
||
7 Day CHG~0.00%
Published-28 May, 2020 | 13:12
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kaoni ezHTTPTrans Active-X File Download and Execution Vulnerability

Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution by rebooting the victim’s PC.

Action-Not Available
Vendor-kaoniKaoniMicrosoft Corporation
Product-windowsezhttptransezHTTPTrans
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2020-7806
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.46% / 63.32%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 12:50
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tobesoft Xplatform ActiveX File Download Vulnerability

Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary code execution vulnerability by using method supported by Xplatform ActiveX Control. It allows attacker to cause remote code execution.

Action-Not Available
Vendor-tobesoftTobesoftMicrosoft Corporation
Product-windowsxplatformXplatform
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2020-7861
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-8.4||HIGH
EPSS-1.10% / 77.15%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 17:33
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AnySupport directory traversing vulnerability

AnySupport (Remote support solution) before 2019.3.21.0 allows directory traversing because of swprintf function to copy file from a management PC to a client PC. This can be lead to arbitrary file execution.

Action-Not Available
Vendor-anysupportKoinoMicrosoft Corporation
Product-windowsanysupportAquaNPlayer
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-7814
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.10%
||
7 Day CHG~0.00%
Published-10 Jul, 2020 | 12:58
Updated-16 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RAONWIZ v2018.0.2.50 and eariler versions contains a vulnerability that could allow remote files to be downloaded and excuted by lack of validation to file extension, witch can used as remote-code-excution attacks by hackers File download & execution vulnerability in ____COMPONENT____ of RAONWIZ RAON KUpload allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions prior to 2018.0.2.51 on Windows.

Action-Not Available
Vendor-RAONWIZ (Laonwiz Co., Ltd.)Microsoft Corporation
Product-windowsraon_k_uploadRAON KUpload
CWE ID-CWE-20
Improper Input Validation
CVE-2020-7815
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.96%
||
7 Day CHG~0.00%
Published-10 Jul, 2020 | 13:05
Updated-17 Sep, 2024 | 02:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XPLATFORM v9.2.260 and eariler versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. this can be leveraged for code execution. File download vulnerability in ____COMPONENT____ of TOBESOFT XPLATFORM allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: TOBESOFT XPLATFORM 9.2.250 versions prior to 9.2.260 on Windows.

Action-Not Available
Vendor-tobesoftTOBESOFTMicrosoft Corporation
Product-windowsxplatformXPLATFORM
CVE-2020-3943
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-1.73% / 81.67%
||
7 Day CHG~0.00%
Published-19 Feb, 2020 | 20:04
Updated-04 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Microsoft Corporation
Product-windowsvrealize_operationsvRealize Operations for Horizon Adapter
CVE-2020-7821
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.97% / 75.62%
||
7 Day CHG~0.00%
Published-02 Jul, 2020 | 12:37
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tobesoft NEXACRO14/17 ExCommonApiV13 Arbitrary Code Execution Vulnerability

Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by modifying the value of registry path. This can be leveraged for code execution by rebooting the victim’s PC

Action-Not Available
Vendor-nexawebTobesoftMicrosoft Corporation
Product-windowsnexacro_17nexacro_14NEXACRO14/17 ExCommonApiV13
CWE ID-CWE-20
Improper Input Validation
CVE-2021-31166
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-92.96% / 99.77%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-30 Jul, 2025 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-27||Apply updates per vendor instructions.
HTTP Protocol Stack Remote Code Execution Vulnerability

HTTP Protocol Stack Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_20h2windows_server_2004windows_10_2004windows_10_20h2Windows Server version 2004Windows 10 Version 20H2Windows 10 Version 2004Windows Server version 20H2HTTP Protocol Stack
CWE ID-CWE-416
Use After Free
CVE-2020-3801
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-20.74% / 95.38%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 17:15
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2020-3792
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-25.38% / 96.00%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 15:56
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2020-3784
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-10.06% / 92.77%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 20:31
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-photoshop_2020windowsphotoshop_ccmacosAdobe Photoshop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3797
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-10.06% / 92.77%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 16:00
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3783
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-24.98% / 95.95%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 20:31
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a heap corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-photoshop_2020windowsphotoshop_ccmacosAdobe Photoshop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3785
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-10.06% / 92.77%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 20:31
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-photoshop_2020windowsphotoshop_ccmacosAdobe Photoshop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3789
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-10.06% / 92.77%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 20:33
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-photoshop_2020windowsphotoshop_ccmacosAdobe Photoshop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7883
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.77% / 72.56%
||
7 Day CHG~0.00%
Published-28 Dec, 2021 | 19:12
Updated-17 Sep, 2024 | 02:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution.

Action-Not Available
Vendor-wowsoftWOWSOFTMicrosoft Corporation
Product-windowsprintchaserPrintchaser
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2020-7820
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.97% / 75.62%
||
7 Day CHG~0.00%
Published-02 Jul, 2020 | 12:40
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tobesoft NEXACRO14/17 ExCommonApiV13 Arbitrary Code Execution Vulnerability

Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by setting the arguments to the vulnerable API. This can be leveraged for code execution by rebooting the victim’s PC

Action-Not Available
Vendor-nexawebTobesoftMicrosoft Corporation
Product-windowsnexacro_17nexacro_14NEXACRO14/17 ExCommonApiV13
CWE ID-CWE-20
Improper Input Validation
CVE-2020-7832
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.99% / 75.94%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 14:47
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RAONWIZ DEXT5 Upload remote code execution vulnerability

A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via AddUploadFile, SetSelectItem, DoOpenFile function.(CVE-2020-7832)

Action-Not Available
Vendor-dext5RAONWIZ (Laonwiz Co., Ltd.)Microsoft Corporation
Product-windowsdext5DEXT5 Upload
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26701
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-1.75% / 81.77%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:02
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Core Remote Code Execution Vulnerability

.NET Core Remote Code Execution Vulnerability

Action-Not Available
Vendor-Fedora ProjectMicrosoft Corporation
Product-visual_studio_2019fedora.net.net_corepowershell_coreMicrosoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8).NET 5.0Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)PowerShell Core 7.0Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)Microsoft Visual Studio 2019 version 16.8 (includes 16.0 - 16.7).NET Core 2.1Visual Studio 2019 for MacPowerShell Core 7.1.NET Core 3.1
CVE-2008-7037
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 65.90%
||
7 Day CHG~0.00%
Published-24 Aug, 2009 | 10:00
Updated-07 Aug, 2024 | 11:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for Windows Vista, and possibly other versions before 1.23, allows remote web servers or man-in-the-middle attackers to execute arbitrary commands via script in a short_title response.

Action-Not Available
Vendor-itnn/aMicrosoft Corporation
Product-itn_news_gadgetwindows_vistan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2006-1016
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-76.52% / 98.89%
||
7 Day CHG~0.00%
Published-07 Mar, 2006 | 00:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CVE-2021-24112
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.76% / 72.24%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Core Remote Code Execution Vulnerability

.NET Core Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-.netvisual_studio_2019mono.net_core.NET 5.0Mono 6.12.0.NET Core 2.1Visual Studio 2019 for Mac.NET Core 3.1
CVE-2005-1215
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-12.44% / 93.65%
||
7 Day CHG~0.00%
Published-14 Jun, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-isa_servern/a
CVE-2007-5322
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-35.43% / 96.92%
||
7 Day CHG~0.00%
Published-09 Oct, 2007 | 22:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual FoxPro 6.0 allows remote attackers to execute arbitrary programs by specifying them as an argument to the FoxDoCmd function.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-visual_foxpron/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2007-4790
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-73.67% / 98.76%
||
7 Day CHG~0.00%
Published-10 Sep, 2007 | 21:00
Updated-07 Aug, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorervisual_foxpron/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-3892
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-40.82% / 97.28%
||
7 Day CHG~0.00%
Published-09 Oct, 2007 | 22:00
Updated-07 Aug, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other "trust UI" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-12811
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-19.40% / 95.16%
||
7 Day CHG~0.00%
Published-29 Aug, 2018 | 13:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-windowsphotoshop_ccmacosAdobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-4877
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.3||HIGH
EPSS-0.35% / 56.98%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 17:20
Updated-17 Sep, 2024 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowscognos_controllerCognos Controller
CWE ID-CWE-863
Incorrect Authorization
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 15
  • 16
  • Next
Details not found