Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-35835

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-13 Sep, 2022 | 18:41
Updated At-11 Mar, 2025 | 16:10
Rejected At-
Credits

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:13 Sep, 2022 | 18:41
Updated At:11 Mar, 2025 | 16:10
Rejected At:
â–¼CVE Numbering Authority (CNA)
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1809
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.17763.0 before 10.0.17763.3406 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1809
Platforms
  • ARM64-based Systems
Versions
Affected
  • From 10.0.0 before 10.0.17763.3406 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2019
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.17763.0 before 10.0.17763.3406 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2019 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.17763.0 before 10.0.17763.3406 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 21H1
Platforms
  • x64-based Systems
  • ARM64-based Systems
  • 32-bit Systems
Versions
Affected
  • From 10.0.0 before 10.0.19043.2006 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2022
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.20348.0 before 10.0.20348.1006 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 20H2
Platforms
  • 32-bit Systems
  • ARM64-based Systems
Versions
Affected
  • From 10.0.0 before 10.0.19042.2006 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 11 version 21H2
Platforms
  • x64-based Systems
  • ARM64-based Systems
Versions
Affected
  • From 10.0.0 before 10.0.22000.978 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 21H2
Platforms
  • 32-bit Systems
  • ARM64-based Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.19043.0 before 10.0.19044.2006 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1507
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.10240.0 before 10.0.10240.19444 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 10 Version 1607
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 10.0.14393.0 before 10.0.14393.5356 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2016
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.14393.0 before 10.0.14393.5356 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2016 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 10.0.14393.0 before 10.0.14393.5356 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 7
Platforms
  • 32-bit Systems
Versions
Affected
  • From 6.1.0 before 6.1.7601.26115 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 7 Service Pack 1
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.1.0 before 6.1.7601.26115 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows 8.1
Platforms
  • 32-bit Systems
  • x64-based Systems
  • ARM64-based Systems
Versions
Affected
  • From 6.3.0 before 6.3.9600.20571 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 Service Pack 2
Platforms
  • 32-bit Systems
Versions
Affected
  • From 6.0.6003.0 before 6.0.6003.21666 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 Service Pack 2 (Server Core installation)
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 6.0.6003.0 before 6.0.6003.21666 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 Service Pack 2
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.0.6003.0 before 6.0.6003.21666 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 R2 Service Pack 1
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.1.7601.0 before 6.1.7601.26115 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2008 R2 Service Pack 1 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.1.7601.0 before 6.1.7601.26115 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.2.9200.0 before 6.2.9200.23865 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.2.9200.0 before 6.2.9200.23865 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 R2
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.3.9600.0 before 6.3.9600.20571 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Windows Server 2012 R2 (Server Core installation)
Platforms
  • x64-based Systems
Versions
Affected
  • From 6.3.9600.0 before 6.3.9600.20571 (custom)
Problem Types
TypeCWE IDDescription
ImpactN/ARemote Code Execution
Type: Impact
CWE ID: N/A
Description: Remote Code Execution
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35835
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35835
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35835
vendor-advisory
x_transferred
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35835
Resource:
vendor-advisory
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:13 Sep, 2022 | 19:15
Updated At:08 Aug, 2023 | 14:21

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Microsoft Corporation
microsoft
>>windows_10>>-
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10>>-
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_10>>20h2
cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*
Microsoft Corporation
microsoft
>>windows_10>>20h2
cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10>>20h2
cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_10>>21h1
cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*
Microsoft Corporation
microsoft
>>windows_10>>21h1
cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10>>21h1
cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_10>>21h2
cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*
Microsoft Corporation
microsoft
>>windows_10>>21h2
cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10>>21h2
cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_10>>1607
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10>>1607
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_10>>1809
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*
Microsoft Corporation
microsoft
>>windows_10>>1809
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_10>>1809
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_11>>-
cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*
Microsoft Corporation
microsoft
>>windows_11>>-
cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_7>>-
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_7>>-
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_8.1>>-
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_8.1>>-
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_rt_8.1>>-
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>-
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_server_2008>>-
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_server_2008>>r2
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>windows_server_2012>>-
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>r2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>-
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2019>>-
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2022>>-
cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2022>>-
cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:azure:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35835secure@microsoft.com
N/A
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35835
Source: secure@microsoft.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1186Records found
CVE-2020-1193
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-10.67% / 93.21%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 17:09
Updated-23 Feb, 2026 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office 2016 for MacMicrosoft Office 2016Microsoft Office 2010 Service Pack 2Microsoft Office 2013 Service Pack 1Microsoft Office 2019Microsoft Office 2019 for Mac
CVE-2025-21222
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.69% / 71.55%
||
7 Day CHG-0.04%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Telephony Service Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_22h2windows_10_22h2windows_11_24h2windows_10_1507windows_10_1607windows_server_2012windows_server_2025windows_server_2019windows_11_23h2windows_server_2008windows_10_1809windows_server_2016windows_10_21h2windows_server_2022Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2020-1238
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-9.80% / 92.86%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1239.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server, version 2004 (Server Core installation)Windows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-1239
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-32.98% / 96.82%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1238.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows 10 Version 2004 for x64-based SystemsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows Server, version 2004 (Server Core installation)Windows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2020-1226
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-20.62% / 95.49%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 06:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1225.

Action-Not Available
Vendor-Microsoft Corporation
Product-excel365_appsofficeMicrosoft ExcelMicrosoft OfficeMicrosoft 365 Apps for Enterprise for 32-bit SystemsMicrosoft 365 Apps for Enterprise for 64-bit Systems
CWE ID-CWE-416
Use After Free
CVE-2020-1223
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-36.77% / 97.08%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Microsoft Word for Android fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file.The update addresses the vulnerability by correcting how Microsoft Word for Android handles specially crafted URL files., aka 'Word for Android Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-wordMicrosoft Word for Android
CVE-2013-2551
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-91.27% / 99.65%
||
7 Day CHG~0.00%
Published-11 Mar, 2013 | 10:00
Updated-22 Oct, 2025 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-18||Apply updates per vendor instructions.

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2003internet_explorerwindows_server_2012windows_server_2008windows_rtwindows_vistawindows_8windows_xpn/aInternet Explorer
CWE ID-CWE-416
Use After Free
CVE-2020-12427
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.15% / 34.99%
||
7 Day CHG~0.00%
Published-13 May, 2020 | 14:28
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space.

Action-Not Available
Vendor-n/aApple Inc.Western Digital Corp.Microsoft Corporation
Product-windowswd_discoverymacosn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-12248
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.53% / 66.78%
||
7 Day CHG~0.00%
Published-04 Sep, 2020 | 03:32
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled.

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsreadern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0738
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-24.04% / 95.95%
||
7 Day CHG-0.15%
Published-11 Feb, 2020 | 21:23
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows ServerWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit Systems
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-10892
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-1.62% / 81.64%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 20:50
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the communication API. The issue lies in the handling of the CombineFiles command, which allows an arbitrary file write with attacker controlled data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9830.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsPhantomPDF
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-3061
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.03% / 7.61%
||
7 Day CHG~0.00%
Published-23 Feb, 2026 | 22:17
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Apple Inc.Linux Kernel Organization, IncGoogle LLCMicrosoft Corporation
Product-chromemacoswindowslinux_kernelChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-1061
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-22.87% / 95.81%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:52
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in the way that the Microsoft Script Runtime handles objects in memory, aka 'Microsoft Script Runtime Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-1126
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-21.25% / 95.59%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:53
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1028, CVE-2020-1136, CVE-2020-1150.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21283
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.84% / 74.54%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 22:41
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-1222
Insufficient Granularity of Address Regions Protected by Register Locks
CVE-2025-21342
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.38% / 80.08%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 22:41
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2020-1020
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-87.96% / 99.48%
||
7 Day CHG-0.03%
Published-15 Apr, 2020 | 15:13
Updated-29 Oct, 2025 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0938.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_10_1709windows_server_2012windows_10_1903windows_rt_8.1windows_8.1windows_10_1803windows_10_1507windows_10_1909windows_server_1909windows_server_2008windows_10_1607windows_10_1809windows_server_2019windows_server_1903windows_server_2016Windows ServerWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1909 for x64-based SystemsWindowsWindows 10 Version 1909 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0883
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-52.82% / 97.90%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 15:48
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0881.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2020-0605
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-34.06% / 96.90%
||
7 Day CHG-0.56%
Published-14 Jan, 2020 | 23:11
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1.net_corewindows_rt_8.1windows_7windows_10.net_frameworkwindows_server_2019windows_server_2008Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows Server 2012 R2Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based SystemsMicrosoft .NET Framework 4.6Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit SystemsMicrosoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems.NET CoreMicrosoft .NET Framework 4.8 on Windows 8.1 for 32-bit systemsMicrosoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows Server 2012Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)Microsoft .NET Framework 4.8 on Windows RT 8.1Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)Microsoft .NET Framework 3.0Microsoft .NET Framework 4.8 on Windows Server 2016Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based SystemsMicrosoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 8.1 for x64-based systemsMicrosoft .NET Framework 4.5.2Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.8 on Windows Server 2019Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based SystemsMicrosoft .NET Framework 3.5Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based SystemsMicrosoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1508
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.6||HIGH
EPSS-1.64% / 81.71%
||
7 Day CHG+0.03%
Published-11 Sep, 2020 | 17:09
Updated-23 Feb, 2026 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Media Audio Decoder Remote Code Execution Vulnerability

<p>A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system.</p> <p>There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.</p> <p>The security update addresses the vulnerability by correcting how Windows Media Audio Decoder handles objects.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_rt_8.1windows_server_2012windows_server_2008windows_10windows_8.1windows_7windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 10 Version 1909Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit Systems
CVE-2020-0760
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-34.57% / 96.93%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:12
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.

Action-Not Available
Vendor-Microsoft Corporation
Product-publishervisiooffice_365_proplusofficepowerpointexcelwordaccessoutlookprojectMicrosoft OutlookMicrosoft Publisher 2016 (64-bit edition)Microsoft OfficeMicrosoft ProjectMicrosoft Publisher 2013 Service Pack 1 (32-bit editions)Microsoft Publisher 2013 Service Pack 1 (64-bit editions)Microsoft PublisherMicrosoft WordMicrosoft AccessMicrosoft ExcelMicrosoft Publisher 2016 (32-bit edition)Microsoft PowerPointMicrosoft VisioOffice 365 ProPlus
CVE-2020-0809
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-17.37% / 94.96%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 15:48
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0801, CVE-2020-0807, CVE-2020-0869.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0881
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-30.26% / 96.60%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 15:48
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0883.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2020-0603
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-10.94% / 93.30%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 23:11
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Red Hat, Inc.Microsoft Corporation
Product-enterprise_linux_eusenterprise_linuxasp.net_coreASP.NET Core
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0869
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-16.95% / 94.87%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 15:48
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0801, CVE-2020-0807, CVE-2020-0809.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0922
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-17.73% / 95.02%
||
7 Day CHG+3.56%
Published-11 Sep, 2020 | 17:08
Updated-23 Feb, 2026 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft COM for Windows Remote Code Execution Vulnerability

<p>A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.</p> <p>To exploit the vulnerability, a user would have to open a specially crafted file or lure the target to a website hosting malicious JavaScript.</p> <p>The security update addresses the vulnerability by correcting how Microsoft COM for Windows handles objects in memory.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_rt_8.1windows_server_2012windows_server_2008windows_10windows_8.1windows_7windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 10 Version 1909Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit Systems
CVE-2020-0807
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-17.37% / 94.96%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 15:48
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0801, CVE-2020-0809, CVE-2020-0869.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0816
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-20.62% / 95.49%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 15:48
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_server_2016windows_server_2019windows_10Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit SystemsMicrosoft Edge (EdgeHTML-based) on Windows Server 2019Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based SystemsMicrosoft Edge (EdgeHTML-based) on Windows Server 2016Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit SystemsMicrosoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0906
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-32.91% / 96.81%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:12
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0979.

Action-Not Available
Vendor-Microsoft Corporation
Product-exceloffice_365_proplusofficeMicrosoft OfficeOffice 365 ProPlusMicrosoft Excel
CVE-2020-0687
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-51.94% / 97.87%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:12
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2020-0850
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-33.49% / 96.86%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 15:48
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0851, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_foundationoffice_online_serveroffice_365_proplusofficewordsharepoint_serversharepoint_enterprise_serverMicrosoft OfficeMicrosoft Office Online ServerMicrosoft SharePoint FoundationMicrosoft WordMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint ServerOffice 365 ProPlus
CVE-2020-1335
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-10.67% / 93.21%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 17:09
Updated-23 Feb, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-office_web_apps365_appsexcelsharepoint_serveroffice_online_serverofficeMicrosoft 365 Apps for EnterpriseMicrosoft Excel 2016Microsoft Excel 2013 Service Pack 1Microsoft Office Online ServerMicrosoft SharePoint Server 2019Microsoft Office Web Apps 2013 Service Pack 1Microsoft Office 2016Microsoft Excel 2010 Service Pack 2Microsoft Office 2010 Service Pack 2Microsoft Office 2013 Service Pack 1Microsoft Office 2019
CVE-2013-1347
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-86.92% / 99.43%
||
7 Day CHG~0.00%
Published-05 May, 2013 | 10:00
Updated-22 Oct, 2025 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2003internet_explorerwindows_server_2008windows_vistawindows_xpn/aInternet Explorer
CWE ID-CWE-416
Use After Free
CVE-2020-0604
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-9.24% / 92.61%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 19:12
Updated-23 Feb, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute when the target opened the integrated terminal. The update address the vulnerability by modifying the way Visual Studio Code handles environment variables.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code
CVE-2020-0759
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-32.91% / 96.81%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 21:23
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-exceloffice_365_proplusMicrosoft OfficeOffice 365 ProPlusMicrosoft Excel
CVE-2020-0729
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-32.04% / 96.75%
||
7 Day CHG+5.27%
Published-11 Feb, 2020 | 21:23
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows ServerWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit Systems
CVE-2020-0948
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-21.25% / 95.59%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:12
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0949, CVE-2020-0950.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-1012
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-15.32% / 94.53%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 17:08
Updated-23 Feb, 2026 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WinINet API Elevation of Privilege Vulnerability

<p>An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>There are multiple ways an attacker could exploit the vulnerability:</p> <ul> <li><p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.</p> </li> <li><p>In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file.</p> </li> </ul> <p>The security update addresses the vulnerability by ensuring the Wininit.dll properly handles objects in memory.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_rt_8.1windows_server_2012windows_server_2008windows_8.1windows_7internet_explorerwindows_10windows_server_2019Internet Explorer 11
CVE-2020-0801
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-13.43% / 94.09%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 15:48
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0807, CVE-2020-0809, CVE-2020-0869.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows ServerWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit Systems
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0684
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-38.56% / 97.18%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 15:48
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows ServerWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit Systems
CVE-2019-8204
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.80% / 82.55%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:24
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8210
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.97% / 88.21%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:25
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-8224
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.97% / 88.21%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:28
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-8203
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.97% / 88.21%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:23
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2013-0643
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-57.88% / 98.15%
||
7 Day CHG~0.00%
Published-27 Feb, 2013 | 00:00
Updated-22 Oct, 2025 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-10-08||The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.openSUSESUSELinux Kernel Organization, IncRed Hat, Inc.
Product-mac_os_xflash_playerenterprise_linux_serverenterprise_linux_euswindowsenterprise_linux_server_auslinux_kernelenterprise_linux_desktopopensuselinux_enterprise_desktopenterprise_linux_workstationn/aflash_playerFlash Player
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-8208
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.97% / 88.21%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:24
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-8174
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.98% / 88.22%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:16
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-8165
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.16% / 86.74%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:13
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9197
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.48% / 87.39%
||
7 Day CHG~0.00%
Published-31 Dec, 2019 | 16:30
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-unity3dn/aMicrosoft Corporation
Product-windowsunity_editorn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-8008
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-13.55% / 94.12%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:38
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 23
  • 24
  • Next
Details not found