Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-21364

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-14 Jan, 2025 | 18:04
Updated At-13 Feb, 2026 | 19:56
Rejected At-
Credits

Microsoft Excel Security Feature Bypass Vulnerability

Microsoft Excel Security Feature Bypass Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
ā–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:14 Jan, 2025 | 18:04
Updated At:13 Feb, 2026 | 19:56
Rejected At:
ā–¼CVE Numbering Authority (CNA)
Microsoft Excel Security Feature Bypass Vulnerability

Microsoft Excel Security Feature Bypass Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft 365 Apps for Enterprise
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 16.0.1 before https://aka.ms/OfficeSecurityReleases (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Office LTSC 2024
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 16.0.0 before https://aka.ms/OfficeSecurityReleases (custom)
Problem Types
TypeCWE IDDescription
CWECWE-502CWE-502: Deserialization of Untrusted Data
Type: CWE
CWE ID: CWE-502
Description: CWE-502: Deserialization of Untrusted Data
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21364
vendor-advisory
patch
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21364
Resource:
vendor-advisory
patch
ā–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
ā–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:14 Jan, 2025 | 18:16
Updated At:01 Jul, 2025 | 17:18

Microsoft Excel Security Feature Bypass Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Microsoft Corporation
microsoft
>>365_apps>>-
cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*
Microsoft Corporation
microsoft
>>365_apps>>-
cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*
Microsoft Corporation
microsoft
>>office_long_term_servicing_channel>>2024
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>office_long_term_servicing_channel>>2024
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:*:x86:*
Weaknesses
CWE IDTypeSource
CWE-502Secondarysecure@microsoft.com
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: CWE-502
Type: Secondary
Source: secure@microsoft.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21364secure@microsoft.com
Patch
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21364
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2395Records found
CVE-2024-30042
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.70%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 16:57
Updated-03 May, 2025 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channeloffice_online_serverofficeexcel365_appsOffice Online ServerMicrosoft Office LTSC for Mac 2021Microsoft Excel 2016Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Office 2019
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-26857
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-35.60% / 96.96%
||
7 Day CHG~0.00%
Published-02 Mar, 2021 | 23:55
Updated-30 Oct, 2025 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2013 Service Pack 1Microsoft Exchange Server 2019 Cumulative Update 2Microsoft Exchange Server 2016 Cumulative Update 18Microsoft Exchange Server 2019 Cumulative Update 6Microsoft Exchange Server 2019 Cumulative Update 8Microsoft Exchange Server 2019 Cumulative Update 5Microsoft Exchange Server 2016 Cumulative Update 16Microsoft Exchange Server 2016 Cumulative Update 19Microsoft Exchange Server 2016 Cumulative Update 12Microsoft Exchange Server 2019 Cumulative Update 7Microsoft Exchange Server 2010 Service Pack 3Microsoft Exchange Server 2016 Cumulative Update 15Microsoft Exchange Server 2019Microsoft Exchange Server 2016 Cumulative Update 14Microsoft Exchange Server 2016 Cumulative Update 8Microsoft Exchange Server 2013 Cumulative Update 21Microsoft Exchange Server 2016 Cumulative Update 11Microsoft Exchange Server 2016 Cumulative Update 13Microsoft Exchange Server 2019 Cumulative Update 4Microsoft Exchange Server 2019 Cumulative Update 3Microsoft Exchange Server 2016 Cumulative Update 10Microsoft Exchange Server 2019 Cumulative Update 1Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2013 Cumulative Update 22Microsoft Exchange Server 2016 Cumulative Update 9Microsoft Exchange Server 2016 Cumulative Update 17Exchange Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-47994
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.27% / 49.90%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-13 Feb, 2026 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Elevation of Privilege Vulnerability

Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficesharepoint_enterprise_serveroffice_long_term_servicing_channelMicrosoft 365 Apps for EnterpriseMicrosoft Office 2016Microsoft Office LTSC 2021Microsoft Office 2019Microsoft Office LTSC 2024
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-21779
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.40% / 80.12%
||
7 Day CHG+0.20%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-30382
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.10% / 77.63%
||
7 Day CHG+0.29%
Published-13 May, 2025 | 16:58
Updated-13 Feb, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-41830
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.02% / 76.84%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 15:07
Updated-15 Aug, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Talos Security Advisory for Adobe (TALOS-2024-2009)

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Readeracrobat_dcacrobat_readeracrobat_reader_dcacrobat
CWE ID-CWE-416
Use After Free
CVE-2025-35471
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-7||HIGH
EPSS-0.02% / 4.78%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 01:13
Updated-23 Sep, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
conda-forge openssl-feedstock writable OPENSSLDIR

conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary code with the privileges of the user or process loading openssl-feedstock DLLs. Miniforge before 24.5.0 is also affected.

Action-Not Available
Vendor-conda-forgeconda-forgeMicrosoft Corporation
Product-openssl-feedstockminiforgewindowsminiforgeopenssl-feedstock
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-1028
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-13.81% / 94.12%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:52
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1126, CVE-2020-1136, CVE-2020-1150.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0851
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-33.65% / 96.83%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 15:48
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_365_proplusofficeMicrosoft OfficeOffice 365 ProPlus
CVE-2020-0999
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-33.40% / 96.81%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-04 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-1008.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2020-0907
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-35.21% / 96.93%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:12
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2020-0651
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-33.65% / 96.83%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 23:11
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE-2020-0653.

Action-Not Available
Vendor-Microsoft Corporation
Product-exceloffice_365_proplusMicrosoft OfficeOffice 365 ProPlusMicrosoft Excel
CVE-2024-41869
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.88% / 74.89%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 08:58
Updated-19 Sep, 2024 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader | Use After Free (CWE-416)

Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Readeracrobat_dcacrobat_readeracrobat_reader_dcacrobat
CWE ID-CWE-416
Use After Free
CVE-2020-1039
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-11.07% / 93.28%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 17:08
Updated-01 Oct, 2024 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jet Database Engine Remote Code Execution Vulnerability

<p>A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.</p> <p>An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.</p> <p>The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 10 Version 1909Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit Systems
CVE-2020-0961
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-33.65% / 96.83%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_365_proplusofficeMicrosoft OfficeOffice 365 ProPlus
CVE-2024-41850
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.49%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 15:05
Updated-19 Aug, 2024 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Indesign 2024 TIF File Parsing Heap Memory Corruption

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsindesignmacosInDesign Desktopindesign
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0650
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-33.65% / 96.83%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 23:11
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0651, CVE-2020-0653.

Action-Not Available
Vendor-Microsoft Corporation
Product-exceloffice_365_proplusMicrosoft OfficeOffice 365 ProPlusMicrosoft Excel
CVE-2024-41879
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.72% / 82.08%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 12:01
Updated-05 Sep, 2024 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RE: New Edge T5 MSRC Case [DCMSFT-1294]

Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-acrobat_readeredgeAcrobat Readeracrobat_reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-1051
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-42.05% / 97.34%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:52
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1174, CVE-2020-1175, CVE-2020-1176.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2024-41852
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.49%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 15:05
Updated-19 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Indesign 2024 AVI File Parsing Stack Based Buffer Overflow

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsindesignmacosInDesign Desktopindesign
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0852
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-33.65% / 96.83%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 15:48
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0855, CVE-2020-0892.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serveroffice_online_serverofficeMicrosoft SharePoint ServerMicrosoft OfficeMicrosoft Office Online Server
CVE-2020-0995
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-34.06% / 96.86%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0999, CVE-2020-1008.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2020-0652
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-16.67% / 94.77%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 23:11
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Memory Corruption Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-exceloffice_365_proplusMicrosoft OfficeOffice 365 ProPlus
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0980
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-40.16% / 97.24%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_web_appsoffice_online_serveroffice_365_proplusofficewordsharepoint_serversharepoint_enterprise_serverMicrosoft OfficeMicrosoft Office Online ServerMicrosoft WordMicrosoft SharePoint Enterprise ServerMicrosoft Office Web AppsMicrosoft SharePoint ServerOffice 365 ProPlus
CVE-2024-41856
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.14%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 14:56
Updated-13 Sep, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator | Improper Input Validation (CWE-20)

Illustrator versions 28.5, 27.9.4, 28.6, 27.9.5 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosillustratorIllustratorillustrator
CWE ID-CWE-20
Improper Input Validation
CVE-2024-41851
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.07%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 15:05
Updated-19 Aug, 2024 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe InDesign (Beta) has an integer overflow vulnerability when parsing SVG file

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsindesignmacosInDesign Desktopindesign
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-41858
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.06%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 08:14
Updated-15 Oct, 2024 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe InCopy has an integer overflow vulnerability when parsing SVG file

InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-incopywindowsmacosInCopyincopy
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-0959
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-40.16% / 97.24%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2020-0988
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-33.40% / 96.81%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2024-41853
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.49%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 15:05
Updated-19 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Indesign 2024 EPS File Parsing Heap Memory Corruption Remote Code Execution Vulnerability

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsindesignmacosInDesign Desktopindesign
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0953
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-40.16% / 97.24%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2020-1008
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-33.40% / 96.81%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2020-0708
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-20.17% / 95.35%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 21:23
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Windows Imaging Library improperly handles memory.To exploit this vulnerability, an attacker would first have to coerce a victim to open a specially crafted file.The security update addresses the vulnerability by correcting how the Windows Imaging Library handles memory., aka 'Windows Imaging Library Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2020-0892
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-40.16% / 97.24%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 15:48
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_foundationoffice_online_serveroffice_web_appsoffice_365_proplusofficewordsharepoint_serversharepoint_enterprise_serverMicrosoft OfficeMicrosoft Office Online ServerMicrosoft SharePoint FoundationMicrosoft WordMicrosoft SharePoint Enterprise ServerMicrosoft Office Web AppsMicrosoft SharePoint ServerOffice 365 ProPlus
CVE-2020-0994
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-40.16% / 97.24%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2020-0960
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-40.16% / 97.24%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2024-41857
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.06%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 08:37
Updated-16 Sep, 2024 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Illustrator | Integer Underflow (Wrap or Wraparound) (CWE-191)

Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosillustratorIllustratorillustrator
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2020-0991
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-33.65% / 96.83%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0760.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_365_proplusofficeMicrosoft OfficeOffice 365 ProPlus
CVE-2024-41859
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.06%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 08:33
Updated-13 Sep, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
After Effects | Out-of-bounds Write (CWE-787)

After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosafter_effectsAfter Effectsafter_effects
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0992
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-33.40% / 96.81%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CVE-2020-1046
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-11.30% / 93.37%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 19:12
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
.NET Framework Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application. The security update addresses the vulnerability by correcting how .NET Framework processes input.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_7windows_10.net_frameworkwindows_server_2019windows_server_2008Microsoft .NET Framework 3.5 AND 4.8Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5.1Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.5 AND 4.7.2
CVE-2020-0938
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-89.57% / 99.54%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:12
Updated-29 Oct, 2025 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1020.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_10_1709windows_server_2012windows_server_1803windows_10_1903windows_rt_8.1windows_8.1windows_10_1803windows_10_1507windows_10_1909windows_server_1909windows_server_2008windows_10_1607windows_10_1809windows_server_2019windows_server_1903windows_server_2016Windows ServerWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1909 for x64-based SystemsWindowsWindows 10 Version 1909 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0997
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-9.27% / 92.55%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 17:08
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Camera Codec Pack Remote Code Execution Vulnerability

<p>A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of the Windows Camera Codec Pack. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how the Windows Camera Codec Pack handles objects in memory.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2016 (Server Core installation)Windows 10 Version 1809Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1709Windows 10 Version 1909Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows 10 Version 1803Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit Systems
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9491
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-21.52% / 95.58%
||
7 Day CHG~0.00%
Published-21 Oct, 2019 | 18:35
Updated-04 Aug, 2024 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-windowsanti-threat_toolkitTrend Micro Anti-Threat Toolkit (ATTK)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2017-20123
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.61% / 69.25%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 05:05
Updated-15 Apr, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Viscosity DLL untrusted search path

A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-sparklabsunspecifiedMicrosoft Corporation
Product-windowsviscosityViscosity
CWE ID-CWE-426
Untrusted Search Path
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-8249
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-8.30% / 92.06%
||
7 Day CHG~0.00%
Published-06 Jul, 2020 | 17:38
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcmacoswindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2022-30646
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.30%
||
7 Day CHG~0.00%
Published-07 Sep, 2023 | 13:12
Updated-27 Feb, 2025 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator Font Parsing Out-of-bounds Write Remote Code Execution Vulnerability

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsmacosillustratorIllustrator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-39386
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.31%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 15:02
Updated-19 Aug, 2024 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-24057: Adobe Bridge AVI FIle Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsbridgemacosBridgebridge
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-39420
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7||HIGH
EPSS-1.15% / 78.17%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 15:07
Updated-16 Sep, 2024 | 12:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

Acrobat Reader versions 20.005.30636, 24.002.21005, 24.001.30159, 20.005.30655, 24.002.20965, 24.002.20964, 24.001.30123, 24.003.20054 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary code execution. This vulnerability arises when the timing of actions changes the state of a resource between the checking of a condition and the use of the resource, allowing an attacker to manipulate the resource in a harmful way. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Readeracrobat_dcacrobat_readeracrobat_reader_dcacrobat
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-39378
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.31%
||
7 Day CHG~0.00%
Published-11 Sep, 2024 | 16:07
Updated-18 Sep, 2024 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Audition | Out-of-bounds Write (CWE-787)

Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsauditionmac_os_xAuditionaudition
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 47
  • 48
  • Next
Details not found