Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2020-AVI-225
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code à distance, une élévation de privilèges, une atteinte à la confidentialité des données, un contournement de la fonctionnalité de sécurité et une usurpation d'identité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
Vendor | Product | Description | ||
---|---|---|---|---|
Microsoft | N/A | Microsoft Dynamics NAV 2018 | ||
Microsoft | N/A | ChakraCore | ||
Microsoft | N/A | Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise) | ||
Microsoft | N/A | Microsoft Research JavaScript Cryptography Library V1.4 | ||
Microsoft | N/A | Microsoft Visio 2010 Service Pack 2 (éditions 64 bits) | ||
Microsoft | N/A | Microsoft Visio 2013 Service Pack 1 (éditions 32 bits) | ||
Microsoft | N/A | Microsoft Dynamics NAV 2017 | ||
Microsoft | N/A | Microsoft Dynamics NAV 2015 | ||
Microsoft | N/A | Microsoft Business Productivity Servers 2010 Service Pack 2 | ||
Microsoft | N/A | Microsoft System Center 2012 R2 Endpoint Protection | ||
Microsoft | N/A | Microsoft Dynamics NAV 2013 | ||
Microsoft | N/A | Dynamics 365 Server, version 9.0 (on-premises) | ||
Microsoft | N/A | Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) | ||
Microsoft | N/A | Microsoft System Center Endpoint Protection | ||
Microsoft | N/A | Microsoft Visio 2016 (édition 64 bits) | ||
Microsoft | N/A | Microsoft Visual Studio 2019 version 16.0 | ||
Microsoft | N/A | Microsoft Security Essentials | ||
Microsoft | N/A | Microsoft RMS Sharing pour Mac | ||
Microsoft | N/A | Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8) | ||
Microsoft | N/A | Microsoft Visio 2016 (édition 32 bits) | ||
Microsoft | N/A | Microsoft Visual Studio 2015 Update 3 | ||
Microsoft | N/A | Microsoft Dynamics 365 BC On Premise | ||
Microsoft | N/A | Microsoft Dynamics NAV 2016 | ||
Microsoft | N/A | Microsoft AutoUpdate pour Mac | ||
Microsoft | N/A | Microsoft Your Phone Companion App pour Android | ||
Microsoft | N/A | Microsoft Visio 2010 Service Pack 2 (éditions 32 bits) | ||
Microsoft | N/A | Microsoft Visio 2013 Service Pack 1 (éditions 64 bits) | ||
Microsoft | N/A | Microsoft Remote Desktop pour Mac | ||
Microsoft | N/A | Microsoft Forefront Endpoint Protection 2010 | ||
Microsoft | N/A | Microsoft Visual Studio 2019 version 16.5 | ||
Microsoft | N/A | Dynamics 365 Business Central 2019 Spring Update | ||
Microsoft | N/A | Microsoft System Center 2012 Endpoint Protection |
References
Title | Publication Time | Tags | |||
---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Microsoft Dynamics NAV 2018", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "ChakraCore", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Research JavaScript Cryptography Library V1.4", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Visio 2010 Service Pack 2 (\u00e9ditions 64 bits)", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Visio 2013 Service Pack 1 (\u00e9ditions 32 bits)", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Dynamics NAV 2017", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Dynamics NAV 2015", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Business Productivity Servers 2010 Service Pack 2", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft System Center 2012 R2 Endpoint Protection", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Dynamics NAV 2013", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Dynamics 365 Server, version 9.0 (on-premises)", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft System Center Endpoint Protection", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Visio 2016 (\u00e9dition 64 bits)", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Visual Studio 2019 version 16.0", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Security Essentials", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft RMS Sharing pour Mac", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Visio 2016 (\u00e9dition 32 bits)", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Visual Studio 2015 Update 3", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Dynamics 365 BC On Premise", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Dynamics NAV 2016", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft AutoUpdate pour Mac", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Your Phone Companion App pour Android", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Visio 2010 Service Pack 2 (\u00e9ditions 32 bits)", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Visio 2013 Service Pack 1 (\u00e9ditions 64 bits)", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Remote Desktop pour Mac", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Forefront Endpoint Protection 2010", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft Visual Studio 2019 version 16.5", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Dynamics 365 Business Central 2019 Spring Update", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } }, { "description": "Microsoft System Center 2012 Endpoint Protection", "product": { "name": "N/A", "vendor": { "name": "Microsoft", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2020-0899", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0899" }, { "name": "CVE-2020-0984", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0984" }, { "name": "CVE-2020-0931", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0931" }, { "name": "CVE-2020-0760", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0760" }, { "name": "CVE-2020-1026", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1026" }, { "name": "CVE-2020-1018", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1018" }, { "name": "CVE-2020-0969", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0969" }, { "name": "CVE-2020-1002", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1002" }, { "name": "CVE-2020-1019", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1019" }, { "name": "CVE-2020-1022", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1022" }, { "name": "CVE-2020-1049", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1049" }, { "name": "CVE-2020-1050", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1050" }, { "name": "CVE-2020-0919", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0919" }, { "name": "CVE-2020-0970", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0970" }, { "name": "CVE-2020-0900", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0900" }, { "name": "CVE-2020-0943", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0943" } ], "initial_release_date": "2020-04-15T00:00:00", "last_revision_date": "2020-04-15T00:00:00", "links": [], "reference": "CERTFR-2020-AVI-225", "revisions": [ { "description": "Version initiale", "revision_date": "2020-04-15T00:00:00.000000" } ], "risks": [ { "description": "Usurpation d\u0027identit\u00e9" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code \u00e0 distance, une \u00e9l\u00e9vation\nde privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un\ncontournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9 et une usurpation\nd\u0027identit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 avril 2020", "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance" } ] }
CVE-2020-0931 (GCVE-0-2020-0931)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.
References
URL | Tags | |
---|---|---|
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Microsoft | Microsoft SharePoint Foundation |
Version: 2013 Service Pack 1 |
|||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:18:03.608Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0931" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Microsoft SharePoint Foundation", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2013 Service Pack 1" } ] }, { "product": "Microsoft SharePoint Enterprise Server", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2013 Service Pack 1" }, { "status": "affected", "version": "2016" } ] }, { "product": "Microsoft SharePoint Server", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2019" } ] }, { "product": "Microsoft Business Productivity Servers", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2010 Service Pack 2" } ] } ], "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka \u0027Microsoft SharePoint Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote Code Execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-15T15:12:52", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0931" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-0931", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microsoft SharePoint Foundation", "version": { "version_data": [ { "version_value": "2013 Service Pack 1" } ] } }, { "product_name": "Microsoft SharePoint Enterprise Server", "version": { "version_data": [ { "version_value": "2013 Service Pack 1" }, { "version_value": "2016" } ] } }, { "product_name": "Microsoft SharePoint Server", "version": { "version_data": [ { "version_value": "2019" } ] } }, { "product_name": "Microsoft Business Productivity Servers", "version": { "version_data": [ { "version_value": "2010 Service Pack 2" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka \u0027Microsoft SharePoint Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote Code Execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0931", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0931" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-0931", "datePublished": "2020-04-15T15:12:52", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:18:03.608Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-0943 (GCVE-0-2020-0943)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
An authentication bypass vulnerability exists in Microsoft YourPhoneCompanion application for Android, in the way the application processes notifications generated by work profiles.This could allow an unauthenticated attacker to view notifications, aka 'Microsoft YourPhone Application for Android Authentication Bypass Vulnerability'.
References
URL | Tags | |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Microsoft | Microsoft Your Phone Companion App for Android |
Version: unspecified |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:18:03.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0943" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Microsoft Your Phone Companion App for Android", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] } ], "descriptions": [ { "lang": "en", "value": "An authentication bypass vulnerability exists in Microsoft YourPhoneCompanion application for Android, in the way the application processes notifications generated by work profiles.This could allow an unauthenticated attacker to view notifications, aka \u0027Microsoft YourPhone Application for Android Authentication Bypass Vulnerability\u0027." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of Privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-15T15:12:57", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0943" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-0943", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microsoft Your Phone Companion App for Android", "version": { "version_data": [ { "version_value": "" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An authentication bypass vulnerability exists in Microsoft YourPhoneCompanion application for Android, in the way the application processes notifications generated by work profiles.This could allow an unauthenticated attacker to view notifications, aka \u0027Microsoft YourPhone Application for Android Authentication Bypass Vulnerability\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of Privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0943", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0943" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-0943", "datePublished": "2020-04-15T15:12:57", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:18:03.613Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-1022 (GCVE-0-2020-1022)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.
References
URL | Tags | |
---|---|---|
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Microsoft | Microsoft Dynamics NAV 2015 |
Version: unspecified |
|||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:25:00.624Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Microsoft Dynamics NAV 2015", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Dynamics 365 BC On Premise", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Dynamics NAV 2018", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Dynamics NAV 2013", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Dynamics NAV 2016", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Dynamics NAV 2017", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Dynamics 365 Business Central 2019 Spring Update", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] } ], "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote Code Execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-15T15:13:28", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-1022", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microsoft Dynamics NAV 2015", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Dynamics 365 BC On Premise", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Dynamics NAV 2018", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Dynamics NAV 2013", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Dynamics NAV 2016", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Dynamics NAV 2017", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Dynamics 365 Business Central 2019 Spring Update", "version": { "version_data": [ { "version_value": "" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote Code Execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-1022", "datePublished": "2020-04-15T15:13:28", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:25:00.624Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-0984 (GCVE-0-2020-0984)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka 'Microsoft (MAU) Office Elevation of Privilege Vulnerability'.
References
URL | Tags | |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Microsoft | Microsoft AutoUpdate for Mac |
Version: unspecified |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:18:03.629Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0984" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Microsoft AutoUpdate for Mac", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] } ], "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka \u0027Microsoft (MAU) Office Elevation of Privilege Vulnerability\u0027." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of Privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-15T15:13:14", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0984" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-0984", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microsoft AutoUpdate for Mac", "version": { "version_data": [ { "version_value": "" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka \u0027Microsoft (MAU) Office Elevation of Privilege Vulnerability\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of Privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0984", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0984" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-0984", "datePublished": "2020-04-15T15:13:15", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:18:03.629Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-0919 (GCVE-0-2020-0919)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability'.
References
URL | Tags | |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Microsoft | Microsoft Remote Desktop for Mac |
Version: unspecified |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:18:03.568Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0919" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Microsoft Remote Desktop for Mac", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] } ], "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries, aka \u0027Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability\u0027." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of Privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-15T15:12:48", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0919" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-0919", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microsoft Remote Desktop for Mac", "version": { "version_data": [ { "version_value": "" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries, aka \u0027Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of Privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0919", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0919" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-0919", "datePublished": "2020-04-15T15:12:48", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:18:03.568Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-1002 (GCVE-0-2020-1002)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.
References
URL | Tags | |
---|---|---|
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:24:59.503Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1002" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Microsoft Forefront Endpoint Protection", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2010" } ] }, { "product": "Microsoft System Center", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Endpoint Protection" }, { "status": "affected", "version": "2012 R2 Endpoint Protection" }, { "status": "affected", "version": "2012 Endpoint Protection" } ] }, { "product": "Microsoft Security Essentials", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows 10 Version 1909 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows 10 Version 1909 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows 10 Version 1909 for ARM64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows Server, version 1909 (Server Core installation)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows 10 Version 1803 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows 10 Version 1803 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows Server, version 1803 (Server Core Installation)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows 10 Version 1803 for ARM64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows 10 Version 1809 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows 10 Version 1809 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows 10 Version 1809 for ARM64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows Server 2019", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows Server 2019 (Server Core installation)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows 10 Version 1709 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows 10 Version 1709 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows 10 Version 1709 for ARM64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows 10 Version 1903 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows 10 Version 1903 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows 10 Version 1903 for ARM64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows Server, version 1903 (Server Core installation)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows 10 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows 10 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows 10 Version 1607 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows 10 Version 1607 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows Server 2016", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows Server 2016 (Server Core installation)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows 7 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Service Pack 1" } ] }, { "product": "Windows Defender on Windows 7 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Service Pack 1" } ] }, { "product": "Windows Defender on Windows 8.1 for 32-bit systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows 8.1 for x64-based systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows RT 8.1", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows Server 2008 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Service Pack 2" } ] }, { "product": "Windows Defender on Windows Server 2008 for 32-bit Systems (Server Core installation)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Service Pack 2" } ] }, { "product": "Windows Defender on Windows Server 2008 for Itanium-Based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Service Pack 2" } ] }, { "product": "Windows Defender on Windows Server 2008 R2 for Itanium-Based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Service Pack 1" } ] }, { "product": "Windows Defender on Windows Server 2008 R2 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Service Pack 1" } ] }, { "product": "Windows Defender on Windows Server 2008 R2 for x64-based Systems (Server Core installation)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Service Pack 1" } ] }, { "product": "Windows Defender on Windows Server 2012", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows Server 2012 (Server Core installation)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows Server 2012 R2", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Windows Defender on Windows Server 2012 R2 (Server Core installation)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] } ], "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Microsoft Defender Elevation of Privilege Vulnerability\u0027." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of Privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-15T15:13:20", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1002" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-1002", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microsoft Forefront Endpoint Protection", "version": { "version_data": [ { "version_value": "2010" } ] } }, { "product_name": "Microsoft System Center", "version": { "version_data": [ { "version_value": "Endpoint Protection" }, { "version_value": "2012 R2 Endpoint Protection" }, { "version_value": "2012 Endpoint Protection" } ] } }, { "product_name": "Microsoft Security Essentials", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows 10 Version 1909 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows 10 Version 1909 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows 10 Version 1909 for ARM64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows Server, version 1909 (Server Core installation)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows 10 Version 1803 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows 10 Version 1803 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows Server, version 1803 (Server Core Installation)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows 10 Version 1803 for ARM64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows 10 Version 1809 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows 10 Version 1809 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows 10 Version 1809 for ARM64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows Server 2019", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows Server 2019 (Server Core installation)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows 10 Version 1709 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows 10 Version 1709 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows 10 Version 1709 for ARM64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows 10 Version 1903 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows 10 Version 1903 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows 10 Version 1903 for ARM64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows Server, version 1903 (Server Core installation)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows 10 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows 10 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows 10 Version 1607 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows 10 Version 1607 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows Server 2016", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows Server 2016 (Server Core installation)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows 7 for 32-bit Systems", "version": { "version_data": [ { "version_value": "Service Pack 1" } ] } }, { "product_name": "Windows Defender on Windows 7 for x64-based Systems", "version": { "version_data": [ { "version_value": "Service Pack 1" } ] } }, { "product_name": "Windows Defender on Windows 8.1 for 32-bit systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows 8.1 for x64-based systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows RT 8.1", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows Server 2008 for 32-bit Systems", "version": { "version_data": [ { "version_value": "Service Pack 2" } ] } }, { "product_name": "Windows Defender on Windows Server 2008 for 32-bit Systems (Server Core installation)", "version": { "version_data": [ { "version_value": "Service Pack 2" } ] } }, { "product_name": "Windows Defender on Windows Server 2008 for Itanium-Based Systems", "version": { "version_data": [ { "version_value": "Service Pack 2" } ] } }, { "product_name": "Windows Defender on Windows Server 2008 R2 for Itanium-Based Systems", "version": { "version_data": [ { "version_value": "Service Pack 1" } ] } }, { "product_name": "Windows Defender on Windows Server 2008 R2 for x64-based Systems", "version": { "version_data": [ { "version_value": "Service Pack 1" } ] } }, { "product_name": "Windows Defender on Windows Server 2008 R2 for x64-based Systems (Server Core installation)", "version": { "version_data": [ { "version_value": "Service Pack 1" } ] } }, { "product_name": "Windows Defender on Windows Server 2012", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows Server 2012 (Server Core installation)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows Server 2012 R2", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Windows Defender on Windows Server 2012 R2 (Server Core installation)", "version": { "version_data": [ { "version_value": "" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Microsoft Defender Elevation of Privilege Vulnerability\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of Privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1002", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1002" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-1002", "datePublished": "2020-04-15T15:13:20", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:24:59.503Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-1026 (GCVE-0-2020-1026)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Security Feature Bypass
Summary
A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography (ECC) implementation.An attacker could potentially abuse these bugs to learn information about a server’s private ECC key (a key leakage attack) or craft an invalid ECDSA signature that nevertheless passes as valid.The security update addresses the vulnerability by fixing the bugs disclosed in the ECC implementation, aka 'MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability'.
References
URL | Tags | |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Microsoft | Microsoft Research JavaScript Cryptography Library V1.4 |
Version: unspecified |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:25:01.084Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1026" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Microsoft Research JavaScript Cryptography Library V1.4", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] } ], "descriptions": [ { "lang": "en", "value": "A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library\u00e2\u20ac\u2122s Elliptic Curve Cryptography (ECC) implementation.An attacker could potentially abuse these bugs to learn information about a server\u00e2\u20ac\u2122s private ECC key (a key leakage attack) or craft an invalid ECDSA signature that nevertheless passes as valid.The security update addresses the vulnerability by fixing the bugs disclosed in the ECC implementation, aka \u0027MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability\u0027." } ], "problemTypes": [ { "descriptions": [ { "description": "Security Feature Bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-15T15:13:28", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1026" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-1026", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microsoft Research JavaScript Cryptography Library V1.4", "version": { "version_data": [ { "version_value": "" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library\u00e2\u20ac\u2122s Elliptic Curve Cryptography (ECC) implementation.An attacker could potentially abuse these bugs to learn information about a server\u00e2\u20ac\u2122s private ECC key (a key leakage attack) or craft an invalid ECDSA signature that nevertheless passes as valid.The security update addresses the vulnerability by fixing the bugs disclosed in the ECC implementation, aka \u0027MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Security Feature Bypass" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1026", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1026" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-1026", "datePublished": "2020-04-15T15:13:28", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:25:01.084Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-1050 (GCVE-0-2020-1050)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-1049.
References
URL | Tags | |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Microsoft | Dynamics 365 Server, version 9.0 (on-premises) |
Version: unspecified |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:25:01.087Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1050" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Dynamics 365 Server, version 9.0 (on-premises)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] } ], "descriptions": [ { "lang": "en", "value": "A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka \u0027Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2020-1049." } ], "problemTypes": [ { "descriptions": [ { "description": "Spoofing", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-15T15:13:30", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1050" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-1050", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Dynamics 365 Server, version 9.0 (on-premises)", "version": { "version_data": [ { "version_value": "" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka \u0027Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2020-1049." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Spoofing" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1050", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1050" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-1050", "datePublished": "2020-04-15T15:13:30", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:25:01.087Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-1018 (GCVE-0-2020-1018)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a masked field.The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked., aka 'Microsoft Dynamics Business Central/NAV Information Disclosure'.
References
URL | Tags | |
---|---|---|
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Microsoft | Microsoft Dynamics NAV 2016 |
Version: unspecified |
|||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:24:59.546Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1018" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Microsoft Dynamics NAV 2016", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Dynamics NAV 2017", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Dynamics NAV 2018", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Dynamics NAV 2015", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Dynamics 365 BC On Premise", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Dynamics 365 Business Central 2019 Spring Update", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] } ], "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a masked field.The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked., aka \u0027Microsoft Dynamics Business Central/NAV Information Disclosure\u0027." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-15T15:13:26", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1018" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-1018", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microsoft Dynamics NAV 2016", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Dynamics NAV 2017", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Dynamics NAV 2018", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Dynamics NAV 2015", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Dynamics 365 BC On Premise", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Dynamics 365 Business Central 2019 Spring Update", "version": { "version_data": [ { "version_value": "" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a masked field.The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked., aka \u0027Microsoft Dynamics Business Central/NAV Information Disclosure\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1018", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1018" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-1018", "datePublished": "2020-04-15T15:13:27", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:24:59.546Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-0899 (GCVE-0-2020-0899)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'.
References
URL | Tags | |
---|---|---|
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Microsoft | Microsoft Visual Studio 2019 version 16.5 |
Version: unspecified |
|||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:18:03.489Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0899" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Microsoft Visual Studio 2019 version 16.5", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Visual Studio 2019", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "16.0" } ] }, { "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] } ], "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka \u0027Microsoft Visual Studio Elevation of Privilege Vulnerability\u0027." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of Privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-15T15:12:44", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0899" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-0899", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microsoft Visual Studio 2019 version 16.5", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Visual Studio 2019", "version": { "version_data": [ { "version_value": "16.0" } ] } }, { "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", "version": { "version_data": [ { "version_value": "" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka \u0027Microsoft Visual Studio Elevation of Privilege Vulnerability\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of Privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0899", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0899" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-0899", "datePublished": "2020-04-15T15:12:44", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:18:03.489Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-0970 (GCVE-0-2020-0970)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0968.
References
URL | Tags | |
---|---|---|
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Microsoft | ChakraCore |
Version: unspecified |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:18:03.609Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0970" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ChakraCore", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] } ], "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0968." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote Code Execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-15T15:13:08", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0970" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-0970", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ChakraCore", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-0968." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote Code Execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0970", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0970" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-0970", "datePublished": "2020-04-15T15:13:08", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:18:03.609Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-1049 (GCVE-0-2020-1049)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-1050.
References
URL | Tags | |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Microsoft | Dynamics 365 Server, version 9.0 (on-premises) |
Version: unspecified |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:25:01.110Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1049" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Dynamics 365 Server, version 9.0 (on-premises)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] } ], "descriptions": [ { "lang": "en", "value": "A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka \u0027Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2020-1050." } ], "problemTypes": [ { "descriptions": [ { "description": "Spoofing", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-15T15:13:30", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1049" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-1049", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Dynamics 365 Server, version 9.0 (on-premises)", "version": { "version_data": [ { "version_value": "" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka \u0027Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2020-1050." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Spoofing" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1049", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1049" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-1049", "datePublished": "2020-04-15T15:13:30", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:25:01.110Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-0900 (GCVE-0-2020-0900)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privilege Vulnerability'.
References
URL | Tags | |
---|---|---|
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Microsoft | Microsoft Visual Studio 2019 version 16.5 |
Version: unspecified |
||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:18:03.628Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Microsoft Visual Studio 2019 version 16.5", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Visual Studio 2019", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "16.0" } ] }, { "product": "Microsoft Visual Studio", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2015 Update 3" } ] }, { "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] } ], "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka \u0027Visual Studio Extension Installer Service Elevation of Privilege Vulnerability\u0027." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of Privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-15T15:12:44", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-0900", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microsoft Visual Studio 2019 version 16.5", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Visual Studio 2019", "version": { "version_data": [ { "version_value": "16.0" } ] } }, { "product_name": "Microsoft Visual Studio", "version": { "version_data": [ { "version_value": "2015 Update 3" } ] } }, { "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", "version": { "version_data": [ { "version_value": "" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka \u0027Visual Studio Extension Installer Service Elevation of Privilege Vulnerability\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of Privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-0900", "datePublished": "2020-04-15T15:12:44", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:18:03.628Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-0969 (GCVE-0-2020-0969)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.
References
URL | Tags | |
---|---|---|
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Microsoft | ChakraCore |
Version: unspecified |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:18:03.640Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0969" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ChakraCore", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] } ], "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka \u0027Chakra Scripting Engine Memory Corruption Vulnerability\u0027." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote Code Execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-15T15:13:08", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0969" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-0969", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ChakraCore", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2019", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Edge (EdgeHTML-based) on Windows Server 2016", "version": { "version_data": [ { "version_value": "" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka \u0027Chakra Scripting Engine Memory Corruption Vulnerability\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote Code Execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0969", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0969" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-0969", "datePublished": "2020-04-15T15:13:08", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:18:03.640Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-0760 (GCVE-0-2020-0760)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2024-08-04 06:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.
References
URL | Tags | |
---|---|---|
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Microsoft | Microsoft Project |
Version: 2013 Service Pack 1 (32-bit editions) Version: 2013 Service Pack 1 (64-bit editions) Version: 2016 (32-bit edition) Version: 2016 (64-bit edition) Version: 2010 Service Pack 2 (32-bit editions) Version: 2010 Service Pack 2 (64-bit editions) |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:11:05.570Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0760" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Microsoft Project", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2013 Service Pack 1 (32-bit editions)" }, { "status": "affected", "version": "2013 Service Pack 1 (64-bit editions)" }, { "status": "affected", "version": "2016 (32-bit edition)" }, { "status": "affected", "version": "2016 (64-bit edition)" }, { "status": "affected", "version": "2010 Service Pack 2 (32-bit editions)" }, { "status": "affected", "version": "2010 Service Pack 2 (64-bit editions)" } ] }, { "product": "Microsoft Office", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2019 for 32-bit editions" }, { "status": "affected", "version": "2019 for 64-bit editions" }, { "status": "affected", "version": "2016 (32-bit edition)" }, { "status": "affected", "version": "2016 (64-bit edition)" }, { "status": "affected", "version": "2010 Service Pack 2 (32-bit editions)" }, { "status": "affected", "version": "2010 Service Pack 2 (64-bit editions)" }, { "status": "affected", "version": "2013 RT Service Pack 1" }, { "status": "affected", "version": "2013 Service Pack 1 (32-bit editions)" }, { "status": "affected", "version": "2013 Service Pack 1 (64-bit editions)" } ] }, { "product": "Office 365 ProPlus", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "32-bit Systems" }, { "status": "affected", "version": "64-bit Systems" } ] }, { "product": "Microsoft Excel", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2016 (32-bit edition)" }, { "status": "affected", "version": "2016 (64-bit edition)" }, { "status": "affected", "version": "2010 Service Pack 2 (32-bit editions)" }, { "status": "affected", "version": "2010 Service Pack 2 (64-bit editions)" }, { "status": "affected", "version": "2013 RT Service Pack 1" }, { "status": "affected", "version": "2013 Service Pack 1 (32-bit editions)" }, { "status": "affected", "version": "2013 Service Pack 1 (64-bit editions)" } ] }, { "product": "Microsoft PowerPoint", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2016 (32-bit edition)" }, { "status": "affected", "version": "2016 (64-bit edition)" }, { "status": "affected", "version": "2010 Service Pack 2 (32-bit editions)" }, { "status": "affected", "version": "2010 Service Pack 2 (64-bit editions)" }, { "status": "affected", "version": "2013 RT Service Pack 1" }, { "status": "affected", "version": "2013 Service Pack 1 (32-bit editions)" }, { "status": "affected", "version": "2013 Service Pack 1 (64-bit editions)" } ] }, { "product": "Microsoft Visio", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2016 (32-bit edition)" }, { "status": "affected", "version": "2016 (64-bit edition)" }, { "status": "affected", "version": "2010 Service Pack 2 (32-bit editions)" }, { "status": "affected", "version": "2010 Service Pack 2 (64-bit editions)" }, { "status": "affected", "version": "2013 Service Pack 1 (64-bit editions)" }, { "status": "affected", "version": "2013 Service Pack 1 (32-bit editions)" } ] }, { "product": "Microsoft Word", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2016 (32-bit edition)" }, { "status": "affected", "version": "2016 (64-bit edition)" }, { "status": "affected", "version": "2010 Service Pack 2 (32-bit editions)" }, { "status": "affected", "version": "2010 Service Pack 2 (64-bit editions)" }, { "status": "affected", "version": "2013 RT Service Pack 1" }, { "status": "affected", "version": "2013 Service Pack 1 (32-bit editions)" }, { "status": "affected", "version": "2013 Service Pack 1 (64-bit editions)" } ] }, { "product": "Microsoft Publisher 2016 (32-bit edition)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Publisher 2016 (64-bit edition)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Access", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2016 (32-bit edition)" }, { "status": "affected", "version": "2016 (64-bit edition)" }, { "status": "affected", "version": "2013 Service Pack 1 (64-bit editions)" }, { "status": "affected", "version": "2013 Service Pack 1 (32-bit editions)" }, { "status": "affected", "version": "2010 Service Pack 2 (32-bit editions)" }, { "status": "affected", "version": "2010 Service Pack 2 (64-bit editions)" } ] }, { "product": "Microsoft Outlook", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2016 (32-bit edition)" }, { "status": "affected", "version": "2016 (64-bit edition)" }, { "status": "affected", "version": "2013 Service Pack 1 (32-bit editions)" }, { "status": "affected", "version": "2013 Service Pack 1 (64-bit editions)" }, { "status": "affected", "version": "2013 RT Service Pack 1" }, { "status": "affected", "version": "2010 Service Pack 2 (64-bit editions)" }, { "status": "affected", "version": "2010 Service Pack 2 (32-bit editions)" } ] }, { "product": "Microsoft Publisher 2013 Service Pack 1 (32-bit editions)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Publisher 2013 Service Pack 1 (64-bit editions)", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Publisher", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2010 Service Pack 2 (64-bit editions)" }, { "status": "affected", "version": "2010 Service Pack 2 (32-bit editions)" } ] } ], "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka \u0027Microsoft Office Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0991." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote Code Execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-15T15:12:40", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0760" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-0760", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microsoft Project", "version": { "version_data": [ { "version_value": "2013 Service Pack 1 (32-bit editions)" }, { "version_value": "2013 Service Pack 1 (64-bit editions)" }, { "version_value": "2016 (32-bit edition)" }, { "version_value": "2016 (64-bit edition)" }, { "version_value": "2010 Service Pack 2 (32-bit editions)" }, { "version_value": "2010 Service Pack 2 (64-bit editions)" } ] } }, { "product_name": "Microsoft Office", "version": { "version_data": [ { "version_value": "2019 for 32-bit editions" }, { "version_value": "2019 for 64-bit editions" }, { "version_value": "2016 (32-bit edition)" }, { "version_value": "2016 (64-bit edition)" }, { "version_value": "2010 Service Pack 2 (32-bit editions)" }, { "version_value": "2010 Service Pack 2 (64-bit editions)" }, { "version_value": "2013 RT Service Pack 1" }, { "version_value": "2013 Service Pack 1 (32-bit editions)" }, { "version_value": "2013 Service Pack 1 (64-bit editions)" } ] } }, { "product_name": "Office 365 ProPlus", "version": { "version_data": [ { "version_value": "32-bit Systems" }, { "version_value": "64-bit Systems" } ] } }, { "product_name": "Microsoft Excel", "version": { "version_data": [ { "version_value": "2016 (32-bit edition)" }, { "version_value": "2016 (64-bit edition)" }, { "version_value": "2010 Service Pack 2 (32-bit editions)" }, { "version_value": "2010 Service Pack 2 (64-bit editions)" }, { "version_value": "2013 RT Service Pack 1" }, { "version_value": "2013 Service Pack 1 (32-bit editions)" }, { "version_value": "2013 Service Pack 1 (64-bit editions)" } ] } }, { "product_name": "Microsoft PowerPoint", "version": { "version_data": [ { "version_value": "2016 (32-bit edition)" }, { "version_value": "2016 (64-bit edition)" }, { "version_value": "2010 Service Pack 2 (32-bit editions)" }, { "version_value": "2010 Service Pack 2 (64-bit editions)" }, { "version_value": "2013 RT Service Pack 1" }, { "version_value": "2013 Service Pack 1 (32-bit editions)" }, { "version_value": "2013 Service Pack 1 (64-bit editions)" } ] } }, { "product_name": "Microsoft Visio", "version": { "version_data": [ { "version_value": "2016 (32-bit edition)" }, { "version_value": "2016 (64-bit edition)" }, { "version_value": "2010 Service Pack 2 (32-bit editions)" }, { "version_value": "2010 Service Pack 2 (64-bit editions)" }, { "version_value": "2013 Service Pack 1 (64-bit editions)" }, { "version_value": "2013 Service Pack 1 (32-bit editions)" } ] } }, { "product_name": "Microsoft Word", "version": { "version_data": [ { "version_value": "2016 (32-bit edition)" }, { "version_value": "2016 (64-bit edition)" }, { "version_value": "2010 Service Pack 2 (32-bit editions)" }, { "version_value": "2010 Service Pack 2 (64-bit editions)" }, { "version_value": "2013 RT Service Pack 1" }, { "version_value": "2013 Service Pack 1 (32-bit editions)" }, { "version_value": "2013 Service Pack 1 (64-bit editions)" } ] } }, { "product_name": "Microsoft Publisher 2016 (32-bit edition)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Publisher 2016 (64-bit edition)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Access", "version": { "version_data": [ { "version_value": "2016 (32-bit edition)" }, { "version_value": "2016 (64-bit edition)" }, { "version_value": "2013 Service Pack 1 (64-bit editions)" }, { "version_value": "2013 Service Pack 1 (32-bit editions)" }, { "version_value": "2010 Service Pack 2 (32-bit editions)" }, { "version_value": "2010 Service Pack 2 (64-bit editions)" } ] } }, { "product_name": "Microsoft Outlook", "version": { "version_data": [ { "version_value": "2016 (32-bit edition)" }, { "version_value": "2016 (64-bit edition)" }, { "version_value": "2013 Service Pack 1 (32-bit editions)" }, { "version_value": "2013 Service Pack 1 (64-bit editions)" }, { "version_value": "2013 RT Service Pack 1" }, { "version_value": "2010 Service Pack 2 (64-bit editions)" }, { "version_value": "2010 Service Pack 2 (32-bit editions)" } ] } }, { "product_name": "Microsoft Publisher 2013 Service Pack 1 (32-bit editions)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Publisher 2013 Service Pack 1 (64-bit editions)", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Publisher", "version": { "version_data": [ { "version_value": "2010 Service Pack 2 (64-bit editions)" }, { "version_value": "2010 Service Pack 2 (32-bit editions)" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka \u0027Microsoft Office Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0991." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote Code Execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0760", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0760" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-0760", "datePublished": "2020-04-15T15:12:40", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:11:05.570Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-1019 (GCVE-0-2020-1019)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
An elevation of privilege vulnerability exists in RMS Sharing App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability'.
References
URL | Tags | |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Microsoft | Microsoft RMS Sharing for Mac |
Version: unspecified |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:25:00.728Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1019" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Microsoft RMS Sharing for Mac", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] } ], "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability exists in RMS Sharing App for Mac in the way it allows an attacker to load unsigned binaries, aka \u0027Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability\u0027." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of Privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-15T15:13:27", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1019" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-1019", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microsoft RMS Sharing for Mac", "version": { "version_data": [ { "version_value": "" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability exists in RMS Sharing App for Mac in the way it allows an attacker to load unsigned binaries, aka \u0027Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of Privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1019", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1019" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-1019", "datePublished": "2020-04-15T15:13:27", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:25:00.728Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…