CVE-2020-1020 (GCVE-0-2020-1020)
Vulnerability from
Published
2020-04-15 15:13
Modified
2025-10-21 23:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0938.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows |
Version: 10 Version 1803 for 32-bit Systems Version: 10 Version 1803 for x64-based Systems Version: 10 Version 1803 for ARM64-based Systems Version: 10 Version 1809 for 32-bit Systems Version: 10 Version 1809 for x64-based Systems Version: 10 Version 1809 for ARM64-based Systems Version: 10 Version 1709 for 32-bit Systems Version: 10 Version 1709 for x64-based Systems Version: 10 Version 1709 for ARM64-based Systems Version: 10 for 32-bit Systems Version: 10 for x64-based Systems Version: 10 Version 1607 for 32-bit Systems Version: 10 Version 1607 for x64-based Systems Version: 7 for 32-bit Systems Service Pack 1 Version: 7 for x64-based Systems Service Pack 1 Version: 8.1 for 32-bit systems Version: 8.1 for x64-based systems Version: RT 8.1 |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:00.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-1020",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:14:47.948142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1020"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:46.197Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1020"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2020-1020 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Windows",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "10 Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1803 for ARM64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1809 for x64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1809 for ARM64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1709 for ARM64-based Systems"
},
{
"status": "affected",
"version": "10 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 for x64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "8.1 for x64-based systems"
},
{
"status": "affected",
"version": "RT 8.1"
}
]
},
{
"product": "Windows Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "version 1803 (Core Installation)"
},
{
"status": "affected",
"version": "2019"
},
{
"status": "affected",
"version": "2019 (Core installation)"
},
{
"status": "affected",
"version": "2016"
},
{
"status": "affected",
"version": "2016 (Core installation)"
},
{
"status": "affected",
"version": "2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
},
{
"status": "affected",
"version": "2008 for Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "2008 for x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
},
{
"status": "affected",
"version": "2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
},
{
"status": "affected",
"version": "2012"
},
{
"status": "affected",
"version": "2012 (Core installation)"
},
{
"status": "affected",
"version": "2012 R2"
},
{
"status": "affected",
"version": "2012 R2 (Core installation)"
}
]
},
{
"product": "Windows 10 Version 1909 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1909 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1909 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka \u0027Adobe Font Manager Library Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0938."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:13:27.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows",
"version": {
"version_data": [
{
"version_value": "10 Version 1803 for 32-bit Systems"
},
{
"version_value": "10 Version 1803 for x64-based Systems"
},
{
"version_value": "10 Version 1803 for ARM64-based Systems"
},
{
"version_value": "10 Version 1809 for 32-bit Systems"
},
{
"version_value": "10 Version 1809 for x64-based Systems"
},
{
"version_value": "10 Version 1809 for ARM64-based Systems"
},
{
"version_value": "10 Version 1709 for 32-bit Systems"
},
{
"version_value": "10 Version 1709 for x64-based Systems"
},
{
"version_value": "10 Version 1709 for ARM64-based Systems"
},
{
"version_value": "10 for 32-bit Systems"
},
{
"version_value": "10 for x64-based Systems"
},
{
"version_value": "10 Version 1607 for 32-bit Systems"
},
{
"version_value": "10 Version 1607 for x64-based Systems"
},
{
"version_value": "7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "7 for x64-based Systems Service Pack 1"
},
{
"version_value": "8.1 for 32-bit systems"
},
{
"version_value": "8.1 for x64-based systems"
},
{
"version_value": "RT 8.1"
}
]
}
},
{
"product_name": "Windows Server",
"version": {
"version_data": [
{
"version_value": "version 1803 (Core Installation)"
},
{
"version_value": "2019"
},
{
"version_value": "2019 (Core installation)"
},
{
"version_value": "2016"
},
{
"version_value": "2016 (Core installation)"
},
{
"version_value": "2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
},
{
"version_value": "2008 for Itanium-Based Systems Service Pack 2"
},
{
"version_value": "2008 for x64-based Systems Service Pack 2"
},
{
"version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
},
{
"version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"version_value": "2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
},
{
"version_value": "2012"
},
{
"version_value": "2012 (Core installation)"
},
{
"version_value": "2012 R2"
},
{
"version_value": "2012 R2 (Core installation)"
}
]
}
},
{
"product_name": "Windows 10 Version 1909 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1909 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1909 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Server, version 1909 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1903 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1903 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1903 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Server, version 1903 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka \u0027Adobe Font Manager Library Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0938."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1020",
"datePublished": "2020-04-15T15:13:27.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:46.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1027 (GCVE-0-2020-1027)
Vulnerability from
Published
2020-04-15 15:13
Modified
2025-10-21 23:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows |
Version: 10 Version 1803 for 32-bit Systems Version: 10 Version 1803 for x64-based Systems Version: 10 Version 1803 for ARM64-based Systems Version: 10 Version 1809 for 32-bit Systems Version: 10 Version 1809 for x64-based Systems Version: 10 Version 1809 for ARM64-based Systems Version: 10 Version 1709 for 32-bit Systems Version: 10 Version 1709 for x64-based Systems Version: 10 Version 1709 for ARM64-based Systems Version: 10 for 32-bit Systems Version: 10 for x64-based Systems Version: 10 Version 1607 for 32-bit Systems Version: 10 Version 1607 for x64-based Systems Version: 7 for 32-bit Systems Service Pack 1 Version: 7 for x64-based Systems Service Pack 1 Version: 8.1 for 32-bit systems Version: 8.1 for x64-based systems Version: RT 8.1 |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:00.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1027"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168068/Windows-sxs-CNodeFactory-XMLParser_Element_doc_assembly_assemblyIdentity-Heap-Buffer-Overflow.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-1027",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:14:06.659846Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-05-23",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1027"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:46.038Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1027"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-05-23T00:00:00+00:00",
"value": "CVE-2020-1027 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Windows",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "10 Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1803 for ARM64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1809 for x64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1809 for ARM64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1709 for ARM64-based Systems"
},
{
"status": "affected",
"version": "10 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 for x64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "8.1 for x64-based systems"
},
{
"status": "affected",
"version": "RT 8.1"
}
]
},
{
"product": "Windows Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "version 1803 (Core Installation)"
},
{
"status": "affected",
"version": "2019"
},
{
"status": "affected",
"version": "2019 (Core installation)"
},
{
"status": "affected",
"version": "2016"
},
{
"status": "affected",
"version": "2016 (Core installation)"
},
{
"status": "affected",
"version": "2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
},
{
"status": "affected",
"version": "2008 for Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "2008 for x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
},
{
"status": "affected",
"version": "2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
},
{
"status": "affected",
"version": "2012"
},
{
"status": "affected",
"version": "2012 (Core installation)"
},
{
"status": "affected",
"version": "2012 R2"
},
{
"status": "affected",
"version": "2012 R2 (Core installation)"
}
]
},
{
"product": "Windows 10 Version 1909 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1909 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1909 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka \u0027Windows Kernel Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-12T16:10:23.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1027"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/168068/Windows-sxs-CNodeFactory-XMLParser_Element_doc_assembly_assemblyIdentity-Heap-Buffer-Overflow.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows",
"version": {
"version_data": [
{
"version_value": "10 Version 1803 for 32-bit Systems"
},
{
"version_value": "10 Version 1803 for x64-based Systems"
},
{
"version_value": "10 Version 1803 for ARM64-based Systems"
},
{
"version_value": "10 Version 1809 for 32-bit Systems"
},
{
"version_value": "10 Version 1809 for x64-based Systems"
},
{
"version_value": "10 Version 1809 for ARM64-based Systems"
},
{
"version_value": "10 Version 1709 for 32-bit Systems"
},
{
"version_value": "10 Version 1709 for x64-based Systems"
},
{
"version_value": "10 Version 1709 for ARM64-based Systems"
},
{
"version_value": "10 for 32-bit Systems"
},
{
"version_value": "10 for x64-based Systems"
},
{
"version_value": "10 Version 1607 for 32-bit Systems"
},
{
"version_value": "10 Version 1607 for x64-based Systems"
},
{
"version_value": "7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "7 for x64-based Systems Service Pack 1"
},
{
"version_value": "8.1 for 32-bit systems"
},
{
"version_value": "8.1 for x64-based systems"
},
{
"version_value": "RT 8.1"
}
]
}
},
{
"product_name": "Windows Server",
"version": {
"version_data": [
{
"version_value": "version 1803 (Core Installation)"
},
{
"version_value": "2019"
},
{
"version_value": "2019 (Core installation)"
},
{
"version_value": "2016"
},
{
"version_value": "2016 (Core installation)"
},
{
"version_value": "2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
},
{
"version_value": "2008 for Itanium-Based Systems Service Pack 2"
},
{
"version_value": "2008 for x64-based Systems Service Pack 2"
},
{
"version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
},
{
"version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"version_value": "2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
},
{
"version_value": "2012"
},
{
"version_value": "2012 (Core installation)"
},
{
"version_value": "2012 R2"
},
{
"version_value": "2012 R2 (Core installation)"
}
]
}
},
{
"product_name": "Windows 10 Version 1909 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1909 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1909 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Server, version 1909 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1903 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1903 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1903 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Server, version 1903 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka \u0027Windows Kernel Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1027",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1027"
},
{
"name": "http://packetstormsecurity.com/files/168068/Windows-sxs-CNodeFactory-XMLParser_Element_doc_assembly_assemblyIdentity-Heap-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/168068/Windows-sxs-CNodeFactory-XMLParser_Element_doc_assembly_assemblyIdentity-Heap-Buffer-Overflow.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1027",
"datePublished": "2020-04-15T15:13:29.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:46.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1054 (GCVE-0-2020-1054)
Vulnerability from
Published
2020-05-21 22:52
Modified
2025-10-21 23:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1143.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows |
Version: 10 Version 1803 for 32-bit Systems Version: 10 Version 1803 for x64-based Systems Version: 10 Version 1803 for ARM64-based Systems Version: 10 Version 1809 for 32-bit Systems Version: 10 Version 1809 for x64-based Systems Version: 10 Version 1809 for ARM64-based Systems Version: 10 Version 1709 for 32-bit Systems Version: 10 Version 1709 for x64-based Systems Version: 10 Version 1709 for ARM64-based Systems Version: 10 for 32-bit Systems Version: 10 for x64-based Systems Version: 10 Version 1607 for 32-bit Systems Version: 10 Version 1607 for x64-based Systems Version: 7 for 32-bit Systems Service Pack 1 Version: 7 for x64-based Systems Service Pack 1 Version: 8.1 for 32-bit systems Version: 8.1 for x64-based systems Version: RT 8.1 |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:01.194Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1054"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/160515/Microsoft-Windows-DrawIconEx-Local-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-1054",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:14:00.273331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1054"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:43.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1054"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2020-1054 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Windows",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "10 Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1803 for ARM64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1809 for x64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1809 for ARM64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1709 for ARM64-based Systems"
},
{
"status": "affected",
"version": "10 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 for x64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "8.1 for x64-based systems"
},
{
"status": "affected",
"version": "RT 8.1"
}
]
},
{
"product": "Windows Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "version 1803 (Core Installation)"
},
{
"status": "affected",
"version": "2019"
},
{
"status": "affected",
"version": "2019 (Core installation)"
},
{
"status": "affected",
"version": "2016"
},
{
"status": "affected",
"version": "2016 (Core installation)"
},
{
"status": "affected",
"version": "2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
},
{
"status": "affected",
"version": "2008 for Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "2008 for x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
},
{
"status": "affected",
"version": "2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
},
{
"status": "affected",
"version": "2012"
},
{
"status": "affected",
"version": "2012 (Core installation)"
},
{
"status": "affected",
"version": "2012 R2"
},
{
"status": "affected",
"version": "2012 R2 (Core installation)"
}
]
},
{
"product": "Windows 10 Version 1909 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1909 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1909 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1143."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-15T17:06:13.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1054"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/160515/Microsoft-Windows-DrawIconEx-Local-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows",
"version": {
"version_data": [
{
"version_value": "10 Version 1803 for 32-bit Systems"
},
{
"version_value": "10 Version 1803 for x64-based Systems"
},
{
"version_value": "10 Version 1803 for ARM64-based Systems"
},
{
"version_value": "10 Version 1809 for 32-bit Systems"
},
{
"version_value": "10 Version 1809 for x64-based Systems"
},
{
"version_value": "10 Version 1809 for ARM64-based Systems"
},
{
"version_value": "10 Version 1709 for 32-bit Systems"
},
{
"version_value": "10 Version 1709 for x64-based Systems"
},
{
"version_value": "10 Version 1709 for ARM64-based Systems"
},
{
"version_value": "10 for 32-bit Systems"
},
{
"version_value": "10 for x64-based Systems"
},
{
"version_value": "10 Version 1607 for 32-bit Systems"
},
{
"version_value": "10 Version 1607 for x64-based Systems"
},
{
"version_value": "7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "7 for x64-based Systems Service Pack 1"
},
{
"version_value": "8.1 for 32-bit systems"
},
{
"version_value": "8.1 for x64-based systems"
},
{
"version_value": "RT 8.1"
}
]
}
},
{
"product_name": "Windows Server",
"version": {
"version_data": [
{
"version_value": "version 1803 (Core Installation)"
},
{
"version_value": "2019"
},
{
"version_value": "2019 (Core installation)"
},
{
"version_value": "2016"
},
{
"version_value": "2016 (Core installation)"
},
{
"version_value": "2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
},
{
"version_value": "2008 for Itanium-Based Systems Service Pack 2"
},
{
"version_value": "2008 for x64-based Systems Service Pack 2"
},
{
"version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
},
{
"version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"version_value": "2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
},
{
"version_value": "2012"
},
{
"version_value": "2012 (Core installation)"
},
{
"version_value": "2012 R2"
},
{
"version_value": "2012 R2 (Core installation)"
}
]
}
},
{
"product_name": "Windows 10 Version 1909 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1909 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1909 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Server, version 1909 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1903 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1903 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1903 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Server, version 1903 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1143."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1054",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1054"
},
{
"name": "http://packetstormsecurity.com/files/160515/Microsoft-Windows-DrawIconEx-Local-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/160515/Microsoft-Windows-DrawIconEx-Local-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1054",
"datePublished": "2020-05-21T22:52:50.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:43.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0986 (GCVE-0-2020-0986)
Vulnerability from
Published
2020-06-09 19:43
Modified
2025-10-21 23:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Windows |
Version: 10 Version 1803 for 32-bit Systems Version: 10 Version 1803 for x64-based Systems Version: 10 Version 1803 for ARM64-based Systems Version: 10 Version 1809 for 32-bit Systems Version: 10 Version 1809 for x64-based Systems Version: 10 Version 1809 for ARM64-based Systems Version: 10 Version 1709 for 32-bit Systems Version: 10 Version 1709 for x64-based Systems Version: 10 Version 1709 for ARM64-based Systems Version: 10 for 32-bit Systems Version: 10 for x64-based Systems Version: 10 Version 1607 for 32-bit Systems Version: 10 Version 1607 for x64-based Systems Version: 8.1 for 32-bit systems Version: 8.1 for x64-based systems Version: RT 8.1 |
||
|
|
||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0986"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/160698/Microsoft-Windows-splWOW64-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-0986",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:01:08.808827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0986"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:42.145Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0986"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2020-0986 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Windows",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "10 Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1803 for ARM64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1809 for x64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1809 for ARM64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1709 for ARM64-based Systems"
},
{
"status": "affected",
"version": "10 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 for x64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "8.1 for x64-based systems"
},
{
"status": "affected",
"version": "RT 8.1"
}
]
},
{
"product": "Windows Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "version 1803 (Core Installation)"
},
{
"status": "affected",
"version": "2019"
},
{
"status": "affected",
"version": "2019 (Core installation)"
},
{
"status": "affected",
"version": "2016"
},
{
"status": "affected",
"version": "2016 (Core installation)"
},
{
"status": "affected",
"version": "2012"
},
{
"status": "affected",
"version": "2012 (Core installation)"
},
{
"status": "affected",
"version": "2012 R2"
},
{
"status": "affected",
"version": "2012 R2 (Core installation)"
}
]
},
{
"product": "Windows 10 Version 1909 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1909 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1909 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 2004 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Server, version 2004 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 2004 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 2004 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka \u0027Windows Kernel Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-23T19:06:10.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0986"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/160698/Microsoft-Windows-splWOW64-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows",
"version": {
"version_data": [
{
"version_value": "10 Version 1803 for 32-bit Systems"
},
{
"version_value": "10 Version 1803 for x64-based Systems"
},
{
"version_value": "10 Version 1803 for ARM64-based Systems"
},
{
"version_value": "10 Version 1809 for 32-bit Systems"
},
{
"version_value": "10 Version 1809 for x64-based Systems"
},
{
"version_value": "10 Version 1809 for ARM64-based Systems"
},
{
"version_value": "10 Version 1709 for 32-bit Systems"
},
{
"version_value": "10 Version 1709 for x64-based Systems"
},
{
"version_value": "10 Version 1709 for ARM64-based Systems"
},
{
"version_value": "10 for 32-bit Systems"
},
{
"version_value": "10 for x64-based Systems"
},
{
"version_value": "10 Version 1607 for 32-bit Systems"
},
{
"version_value": "10 Version 1607 for x64-based Systems"
},
{
"version_value": "8.1 for 32-bit systems"
},
{
"version_value": "8.1 for x64-based systems"
},
{
"version_value": "RT 8.1"
}
]
}
},
{
"product_name": "Windows Server",
"version": {
"version_data": [
{
"version_value": "version 1803 (Core Installation)"
},
{
"version_value": "2019"
},
{
"version_value": "2019 (Core installation)"
},
{
"version_value": "2016"
},
{
"version_value": "2016 (Core installation)"
},
{
"version_value": "2012"
},
{
"version_value": "2012 (Core installation)"
},
{
"version_value": "2012 R2"
},
{
"version_value": "2012 R2 (Core installation)"
}
]
}
},
{
"product_name": "Windows 10 Version 1909 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1909 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1909 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Server, version 1909 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1903 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1903 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 1903 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Server, version 1903 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 2004 for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows Server, version 2004 (Server Core installation)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 2004 for ARM64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Windows 10 Version 2004 for x64-based Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka \u0027Windows Kernel Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0986",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0986"
},
{
"name": "http://packetstormsecurity.com/files/160698/Microsoft-Windows-splWOW64-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/160698/Microsoft-Windows-splWOW64-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0986",
"datePublished": "2020-06-09T19:43:14.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:42.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53951 (GCVE-0-2025-53951)
Vulnerability from
Published
2025-10-16 13:58
Modified
2025-10-16 14:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Escalation of privilege
Summary
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated attacker to escalate their privilege to LocalService via sending a crafted request to a local listening port.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiDLP |
Version: 11.5.1 Version: 11.4.2 ≤ 11.4.6 Version: 11.3.2 ≤ 11.3.4 Version: 11.2.3 Version: 11.2.0 Version: 11.1.1 ≤ 11.1.2 Version: 11.0.1 Version: 10.5.1 Version: 10.4.0 Version: 10.3.1 cpe:2.3:a:fortinet:fortidlp:11.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.3.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.1.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:10.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:10.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:10.3.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53951",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T14:36:52.618969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T14:37:00.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortidlp:11.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:10.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:10.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:10.3.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiDLP",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "11.5.1"
},
{
"lessThanOrEqual": "11.4.6",
"status": "affected",
"version": "11.4.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.3.4",
"status": "affected",
"version": "11.3.2",
"versionType": "semver"
},
{
"status": "affected",
"version": "11.2.3"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"lessThanOrEqual": "11.1.2",
"status": "affected",
"version": "11.1.1",
"versionType": "semver"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "affected",
"version": "10.5.1"
},
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability [CWE-22] in Fortinet FortiDLP Agent\u0027s Outlookproxy plugin for Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated attacker to escalate their privilege to LocalService via sending a crafted request to a local listening port."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:58:21.749Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-628",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-628"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiDLP version 12.0.0 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-53951",
"datePublished": "2025-10-16T13:58:21.749Z",
"dateReserved": "2025-07-15T09:52:08.702Z",
"dateUpdated": "2025-10-16T14:37:00.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53950 (GCVE-0-2025-53950)
Vulnerability from
Published
2025-10-16 14:00
Modified
2025-10-16 14:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-359 - Information disclosure
Summary
An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1. through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated administrator to collect current user's email information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiDLP |
Version: 11.5.1 Version: 11.4.2 ≤ 11.4.6 Version: 11.3.2 ≤ 11.3.4 Version: 11.2.3 Version: 11.2.0 Version: 11.1.1 ≤ 11.1.2 Version: 11.0.1 Version: 10.5.1 Version: 10.4.0 Version: 10.3.1 cpe:2.3:a:fortinet:fortidlp:11.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.3.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.1.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:10.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:10.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:10.3.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T14:22:49.612036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T14:22:55.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortidlp:11.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:10.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:10.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:10.3.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiDLP",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "11.5.1"
},
{
"lessThanOrEqual": "11.4.6",
"status": "affected",
"version": "11.4.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.3.4",
"status": "affected",
"version": "11.3.2",
"versionType": "semver"
},
{
"status": "affected",
"version": "11.2.3"
},
{
"status": "affected",
"version": "11.2.0"
},
{
"lessThanOrEqual": "11.1.2",
"status": "affected",
"version": "11.1.1",
"versionType": "semver"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "affected",
"version": "10.5.1"
},
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Exposure of Private Personal Information (\u0027Privacy Violation\u0027) vulnerability [CWE-359] in Fortinet FortiDLP Agent\u0027s Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1. through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated administrator to collect current user\u0027s email information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T14:00:05.329Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-639",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-639"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiDLP version 12.0.0 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-53950",
"datePublished": "2025-10-16T14:00:05.329Z",
"dateReserved": "2025-07-15T09:52:08.702Z",
"dateUpdated": "2025-10-16T14:22:55.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46752 (GCVE-0-2025-46752)
Vulnerability from
Published
2025-10-16 14:00
Modified
2025-10-16 14:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Information disclosure
Summary
A insertion of sensitive information into log file in Fortinet FortiDLP 12.0.0 through 12.0.5, 11.5.1, 11.4.6, 11.4.5 allows attacker to information disclosure via re-using the enrollment code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiDLP |
Version: 12.0.4 ≤ 12.0.5 Version: 12.0.2 Version: 12.0.0 Version: 11.5.1 Version: 11.4.5 ≤ 11.4.6 cpe:2.3:a:fortinet:fortidlp:12.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:12.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:12.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:12.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortidlp:11.4.5:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46752",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T14:20:20.963552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T14:20:31.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortidlp:12.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:12.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:12.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortidlp:11.4.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiDLP",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "12.0.5",
"status": "affected",
"version": "12.0.4",
"versionType": "semver"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "11.5.1"
},
{
"lessThanOrEqual": "11.4.6",
"status": "affected",
"version": "11.4.5",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A insertion of sensitive information into log file in Fortinet FortiDLP 12.0.0 through 12.0.5, 11.5.1, 11.4.6, 11.4.5 allows attacker to information disclosure via re-using the enrollment code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T14:00:30.930Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-160",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-160"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiDLP version 12.1.0 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-46752",
"datePublished": "2025-10-16T14:00:30.930Z",
"dateReserved": "2025-04-29T00:20:46.508Z",
"dateUpdated": "2025-10-16T14:20:31.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54284 (GCVE-0-2025-54284)
Vulnerability from
Published
2025-10-14 19:28
Modified
2025-10-16 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Illustrator |
Version: 0 ≤ 28.7.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T03:56:13.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Illustrator",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "28.7.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-10-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T19:28:25.502Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/illustrator/apsb25-102.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Illustrator | Out-of-bounds Write (CWE-787)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-54284",
"datePublished": "2025-10-14T19:28:25.502Z",
"dateReserved": "2025-07-17T21:15:02.469Z",
"dateUpdated": "2025-10-16T03:56:13.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54283 (GCVE-0-2025-54283)
Vulnerability from
Published
2025-10-14 19:28
Modified
2025-10-16 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Illustrator |
Version: 0 ≤ 28.7.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54283",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T03:56:12.126Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Illustrator",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "28.7.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-10-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T19:28:26.553Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/illustrator/apsb25-102.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Illustrator | Out-of-bounds Write (CWE-787)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-54283",
"datePublished": "2025-10-14T19:28:26.553Z",
"dateReserved": "2025-07-17T21:15:02.468Z",
"dateUpdated": "2025-10-16T03:56:12.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-61801 (GCVE-0-2025-61801)
Vulnerability from
Published
2025-10-14 19:34
Modified
2025-10-16 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free ()
Summary
Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T03:56:11.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Dimension",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "4.1.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-10-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T19:34:14.023Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/dimension/apsb25-103.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Dimension | Use After Free (CWE-416)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2025-61801",
"datePublished": "2025-10-14T19:34:14.023Z",
"dateReserved": "2025-10-01T17:52:06.975Z",
"dateUpdated": "2025-10-16T03:56:11.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
displaying 41 - 50 organizations in total 1855