Total
7549 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8607 | 2 Microsoft, Trendmicro | 13 Windows, Antivirus Toolkit, Apex One and 10 more | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability. | |||||
| CVE-2020-8602 | 2 Microsoft, Trendmicro | 3 Windows, Deep Security Manager, Vulnerability Protection | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution. | |||||
| CVE-2020-8601 | 2 Microsoft, Trendmicro | 2 Windows, Vulnerability Protection | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack to use the product installer to load other DLL files located in the same directory. | |||||
| CVE-2020-8146 | 2 Microsoft, Ui | 2 Windows, Unifi Video | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the windows registry when installing UniFi-Video controller. Affected Products: UniFi Video Controller v3.10.2 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.10.3 and newer. | |||||
| CVE-2020-8145 | 2 Microsoft, Ui | 2 Windows, Unifi Video | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP or CUSTOM_GROUP groups, can access these endpoints and overwrite the current application configuration. This can be abused for various purposes, including adding new administrative users. Affected Products: UniFi Video Controller v3.9.3 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.9.6 and newer. | |||||
| CVE-2020-8144 | 2 Microsoft, Ui | 2 Windows, Unifi Video | 2024-11-21 | 5.2 MEDIUM | 8.4 HIGH |
| The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware update information. If the version field contains ..\ character sequences, the destination file path to save the firmware can be manipulated to be outside the intended destination directory tree. Fixed in UniFi Video Controller v3.10.3 and newer. | |||||
| CVE-2020-7883 | 2 Microsoft, Wowsoft | 2 Windows, Printchaser | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution. | |||||
| CVE-2020-7882 | 2 Hancom, Microsoft | 2 Anysign4pc, Windows | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters(ie. '../../../') | |||||
| CVE-2020-7881 | 2 Afreecatv, Microsoft | 2 Afreecatv, Windows | 2024-11-21 | 6.5 MEDIUM | 7.5 HIGH |
| The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy() operate by "FanTicket" field. It is because of stored data without validation of length. | |||||
| CVE-2020-7880 | 2 Douzone, Microsoft | 2 Neors, Windows | 2024-11-21 | 9.3 HIGH | 7.5 HIGH |
| The vulnerabilty was discovered in ActiveX module related to NeoRS remote support program. This issue allows an remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX. | |||||
| CVE-2020-7878 | 2 4nb, Microsoft | 2 Videooffice, Windows | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier versions (CVE-2020-7878). This issue is due to missing support for integrity check. | |||||
| CVE-2020-7877 | 2 Mastersoft, Microsoft | 3 Zook Agent, Zook Viewer, Windows | 2024-11-21 | 6.5 MEDIUM | 8.0 HIGH |
| A buffer overflow issue was discovered in ZOOK solution(remote administration tool) through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command. | |||||
| CVE-2020-7875 | 2 Dext5, Microsoft | 2 Dext5upload, Windows | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution. | |||||
| CVE-2020-7874 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension. | |||||
| CVE-2020-7869 | 2 Mastersoft, Microsoft | 2 Zook, Windows | 2024-11-21 | 9.0 HIGH | 9.0 CRITICAL |
| An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary file. The ZOOK viewer has the "Tight file CMD" function to create file. An attacker could create and execute arbitrary file in the ZOOK agent program using "Tight file CMD" without authority. | |||||
| CVE-2020-7868 | 2 Helpu, Microsoft | 2 Helpu, Windows | 2024-11-21 | 10.0 HIGH | 9.6 CRITICAL |
| A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login. | |||||
| CVE-2020-7861 | 2 Anysupport, Microsoft | 2 Anysupport, Windows | 2024-11-21 | 7.5 HIGH | 8.4 HIGH |
| AnySupport (Remote support solution) before 2019.3.21.0 allows directory traversing because of swprintf function to copy file from a management PC to a client PC. This can be lead to arbitrary file execution. | |||||
| CVE-2020-7858 | 2 Cdnetworks, Microsoft | 2 Aquanplayer, Windows | 2024-11-21 | 5.0 MEDIUM | 6.8 MEDIUM |
| There is a directory traversing vulnerability in the download page url of AquaNPlayer 2.0.0.92. The IP of the download page url is localhost and an attacker can traverse directories using "dot dot" sequences(../../) to view host file on the system. This vulnerability can cause information leakage. | |||||
| CVE-2020-7853 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2024-11-21 | 7.5 HIGH | 5.5 MEDIUM |
| An outbound read/write vulnerability exists in XPLATFORM that does not check offset input ranges, allowing out-of-range data to be read. An attacker can exploit arbitrary code execution. | |||||
| CVE-2020-7852 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed ex.j2c format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||