A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nTo exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute when the target opened the integrated terminal.
\nThe update address the vulnerability by modifying the way Visual Studio Code handles environment variables.
\n" + "value": "A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nTo exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute when the target opened the integrated terminal.\nThe update address the vulnerability by modifying the way Visual Studio Code handles environment variables.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-10xx/CVE-2020-1046.json b/CVE-2020/CVE-2020-10xx/CVE-2020-1046.json index 9c9dedd07ba..661ac8ff502 100644 --- a/CVE-2020/CVE-2020-10xx/CVE-2020-1046.json +++ b/CVE-2020/CVE-2020-10xx/CVE-2020-1046.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1046", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:14.083", - "lastModified": "2024-01-04T02:15:08.990", + "lastModified": "2024-01-19T00:15:09.687", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system.
\nTo exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application.
\nThe security update addresses the vulnerability by correcting how .NET Framework processes input.
\n" + "value": "A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system.\nTo exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application.\nThe security update addresses the vulnerability by correcting how .NET Framework processes input.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-11xx/CVE-2020-1182.json b/CVE-2020/CVE-2020-11xx/CVE-2020-1182.json index 50358dabc4f..2425c16de64 100644 --- a/CVE-2020/CVE-2020-11xx/CVE-2020-1182.json +++ b/CVE-2020/CVE-2020-11xx/CVE-2020-1182.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1182", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:14.147", - "lastModified": "2024-01-04T02:15:09.087", + "lastModified": "2024-01-19T00:15:09.770", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server.
\nAn authenticated attacker with privileges to import and export data could exploit this vulnerability by sending a specially crafted file to a vulnerable Dynamics server.
\nThe security update addresses the vulnerability by correcting how Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11 handles user input.
\n" + "value": "A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server.\nAn authenticated attacker with privileges to import and export data could exploit this vulnerability by sending a specially crafted file to a vulnerable Dynamics server.\nThe security update addresses the vulnerability by correcting how Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11 handles user input.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-13xx/CVE-2020-1337.json b/CVE-2020/CVE-2020-13xx/CVE-2020-1337.json index 0e9b562c2e6..64802751427 100644 --- a/CVE-2020/CVE-2020-13xx/CVE-2020-1337.json +++ b/CVE-2020/CVE-2020-13xx/CVE-2020-1337.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1337", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:14.210", - "lastModified": "2024-01-04T02:15:09.277", + "lastModified": "2024-01-19T00:15:09.853", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.
\nThe update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.\nThe update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-13xx/CVE-2020-1339.json b/CVE-2020/CVE-2020-13xx/CVE-2020-1339.json index 69d1a1390d5..c496e655f91 100644 --- a/CVE-2020/CVE-2020-13xx/CVE-2020-1339.json +++ b/CVE-2020/CVE-2020-13xx/CVE-2020-1339.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1339", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:14.287", - "lastModified": "2024-01-04T02:15:09.493", + "lastModified": "2024-01-19T00:15:09.957", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system.
\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.
\nThe security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects.
\n" + "value": "A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system.\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.\nThe security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-13xx/CVE-2020-1377.json b/CVE-2020/CVE-2020-13xx/CVE-2020-1377.json index 9b824e8fc9a..97cf05841fb 100644 --- a/CVE-2020/CVE-2020-13xx/CVE-2020-1377.json +++ b/CVE-2020/CVE-2020-13xx/CVE-2020-1377.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1377", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:14.350", - "lastModified": "2024-01-04T02:15:09.683", + "lastModified": "2024-01-19T00:15:10.053", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.
\nA locally authenticated attacker could exploit this vulnerability by running a specially crafted application.
\nThe security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.\nA locally authenticated attacker could exploit this vulnerability by running a specially crafted application.\nThe security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-13xx/CVE-2020-1378.json b/CVE-2020/CVE-2020-13xx/CVE-2020-1378.json index 850a350e87e..4058f19ec9d 100644 --- a/CVE-2020/CVE-2020-13xx/CVE-2020-1378.json +++ b/CVE-2020/CVE-2020-13xx/CVE-2020-1378.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1378", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:14.413", - "lastModified": "2024-01-04T02:15:09.907", + "lastModified": "2024-01-19T00:15:10.163", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.
\nA locally authenticated attacker could exploit this vulnerability by running a specially crafted application.
\nThe security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.\nA locally authenticated attacker could exploit this vulnerability by running a specially crafted application.\nThe security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-13xx/CVE-2020-1379.json b/CVE-2020/CVE-2020-13xx/CVE-2020-1379.json index 4608ceb474c..76f08de2221 100644 --- a/CVE-2020/CVE-2020-13xx/CVE-2020-1379.json +++ b/CVE-2020/CVE-2020-13xx/CVE-2020-1379.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1379", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:14.473", - "lastModified": "2024-01-04T02:15:10.103", + "lastModified": "2024-01-19T00:15:10.260", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.
\nThe security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.
\n" + "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.\nThe security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-13xx/CVE-2020-1380.json b/CVE-2020/CVE-2020-13xx/CVE-2020-1380.json index 2ccbc19821b..ff95a2d9052 100644 --- a/CVE-2020/CVE-2020-13xx/CVE-2020-1380.json +++ b/CVE-2020/CVE-2020-13xx/CVE-2020-1380.json @@ -2,7 +2,7 @@ "id": "CVE-2020-1380", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:14.553", - "lastModified": "2024-01-04T02:15:10.303", + "lastModified": "2024-01-19T00:15:10.350", "vulnStatus": "Modified", "cisaExploitAdd": "2021-11-03", "cisaActionDue": "2022-05-03", @@ -11,7 +11,7 @@ "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-13xx/CVE-2020-1383.json b/CVE-2020/CVE-2020-13xx/CVE-2020-1383.json index 8c280584598..b65b8589182 100644 --- a/CVE-2020/CVE-2020-13xx/CVE-2020-1383.json +++ b/CVE-2020/CVE-2020-13xx/CVE-2020-1383.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1383", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:14.617", - "lastModified": "2024-01-04T02:15:10.530", + "lastModified": "2024-01-19T00:15:10.453", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system
\nTo exploit this vulnerability, an attacker would need to run a specially crafted application against an RPC server which has Routing and Remote Access enabled. Routing and Remote Access is a non-default configuration; systems without it enabled are not vulnerable.
\nThe security update addresses the vulnerability by correcting how the Routing and Remote Access service handles requests.
\n" + "value": "An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system\nTo exploit this vulnerability, an attacker would need to run a specially crafted application against an RPC server which has Routing and Remote Access enabled. Routing and Remote Access is a non-default configuration; systems without it enabled are not vulnerable.\nThe security update addresses the vulnerability by correcting how the Routing and Remote Access service handles requests.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1417.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1417.json index 4abae1cd2fe..2cde8088328 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1417.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1417.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1417", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:14.677", - "lastModified": "2024-01-04T02:15:10.640", + "lastModified": "2024-01-19T00:15:10.530", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.
\nThe update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.\nThe update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1455.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1455.json index fe06ed991db..b66f4b6d321 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1455.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1455.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1455", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:14.740", - "lastModified": "2024-01-04T02:15:10.823", + "lastModified": "2024-01-19T00:15:10.623", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files. An attacker could exploit the vulnerability to trigger a denial of service.
\nTo exploit the vulnerability, an attacker would first require execution on the victim system.
\nThe security update addresses the vulnerability by ensuring Microsoft SQL Server Management Studio properly handles files.
\n" + "value": "A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files. An attacker could exploit the vulnerability to trigger a denial of service.\nTo exploit the vulnerability, an attacker would first require execution on the victim system.\nThe security update addresses the vulnerability by ensuring Microsoft SQL Server Management Studio properly handles files.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1459.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1459.json index 67eb5efef07..923a74e9b0c 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1459.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1459.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1459", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:14.803", - "lastModified": "2024-01-04T02:15:11.007", + "lastModified": "2024-01-19T00:15:10.707", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka "straight-line speculation."
\nTo exploit this vulnerability, an attacker with local privileges would need to run a specially crafted application.
\nThe security update addresses the vulnerability by bypassing the speculative execution.
\n" + "value": "An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka "straight-line speculation."\nTo exploit this vulnerability, an attacker with local privileges would need to run a specially crafted application.\nThe security update addresses the vulnerability by bypassing the speculative execution.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1464.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1464.json index 82a4a710824..918219bf756 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1464.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1464.json @@ -2,7 +2,7 @@ "id": "CVE-2020-1464", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:14.867", - "lastModified": "2024-01-04T02:15:11.193", + "lastModified": "2024-01-19T00:15:10.790", "vulnStatus": "Modified", "cisaExploitAdd": "2021-11-03", "cisaActionDue": "2022-05-03", @@ -11,7 +11,7 @@ "descriptions": [ { "lang": "en", - "value": "A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.
\nIn an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.
\nThe update addresses the vulnerability by correcting how Windows validates file signatures.
\n" + "value": "A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.\nIn an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.\nThe update addresses the vulnerability by correcting how Windows validates file signatures.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1466.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1466.json index aa84e8b69c8..86164b5b389 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1466.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1466.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1466", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:14.927", - "lastModified": "2024-01-04T02:15:11.393", + "lastModified": "2024-01-19T00:15:10.883", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding.
\nTo exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides RD Gateway services.
\nThe update addresses the vulnerability by correcting how RD Gateway handles connection requests.
\n" + "value": "A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding.\nTo exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides RD Gateway services.\nThe update addresses the vulnerability by correcting how RD Gateway handles connection requests.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1467.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1467.json index e6803226c12..9c1e692af72 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1467.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1467.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1467", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:14.990", - "lastModified": "2024-01-04T02:15:11.613", + "lastModified": "2024-01-19T00:15:10.973", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.
\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
\nThe security update addresses the vulnerability by correcting how Windows handles hard links.
\n" + "value": "An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.\nThe security update addresses the vulnerability by correcting how Windows handles hard links.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1470.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1470.json index 51eb47e43ef..a26e1d37405 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1470.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1470.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1470", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:15.053", - "lastModified": "2024-01-04T02:15:11.820", + "lastModified": "2024-01-19T00:15:11.067", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Work Folders Service handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Work Folders Service handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1472.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1472.json index df373be4dbd..cbf06d1aa7b 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1472.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1472.json @@ -2,7 +2,7 @@ "id": "CVE-2020-1472", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:15.117", - "lastModified": "2024-01-04T02:15:12.017", + "lastModified": "2024-01-19T00:15:11.167", "vulnStatus": "Modified", "cisaExploitAdd": "2021-11-03", "cisaActionDue": "2020-09-21", @@ -11,7 +11,7 @@ "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.
\nTo exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.
\nMicrosoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels.
\nFor guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020).
\nWhen the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
\n" + "value": "An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.\nTo exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.\nMicrosoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels.\nFor guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020).\nWhen the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1473.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1473.json index 04fb005a54e..93a9b60280f 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1473.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1473.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1473", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:15.177", - "lastModified": "2024-01-04T02:15:12.280", + "lastModified": "2024-01-19T00:15:11.313", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
\nAn attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.
\nThe update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.\nAn attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.\nThe update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1474.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1474.json index 54ec2844c5d..28f1a14a84d 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1474.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1474.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1474", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:15.240", - "lastModified": "2024-01-04T02:15:12.480", + "lastModified": "2024-01-19T00:15:11.400", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.
\nTo exploit the vulnerability, an authenticated attacker could connect an imaging device (camera, scanner, cellular phone) to an affected system and run a specially crafted application to disclose information.
\nThe security update addresses the vulnerability by correcting how the WIA Service handles objects in memory.
\n" + "value": "An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\nTo exploit the vulnerability, an authenticated attacker could connect an imaging device (camera, scanner, cellular phone) to an affected system and run a specially crafted application to disclose information.\nThe security update addresses the vulnerability by correcting how the WIA Service handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1475.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1475.json index 8aa7a5d1da7..dd44d096457 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1475.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1475.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1475", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:15.317", - "lastModified": "2024-01-04T02:15:12.683", + "lastModified": "2024-01-19T00:15:11.487", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
\nTo exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
\nThe security update addresses the vulnerability by ensuring the srmsvc.dll properly handles objects in memory.
\n" + "value": "An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\nTo exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.\nThe security update addresses the vulnerability by ensuring the srmsvc.dll properly handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1476.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1476.json index bd9f92503f7..1f8c98997fe 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1476.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1476.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1476", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:15.367", - "lastModified": "2024-01-04T02:15:12.890", + "lastModified": "2024-01-19T00:15:11.580", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files.
\nTo exploit this vulnerability, an attacker would need to send a specially crafted request to an affected server.
\nThe update addresses the vulnerability by changing how ASP.NET and .NET handle requests.
\n" + "value": "An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files.\nTo exploit this vulnerability, an attacker would need to send a specially crafted request to an affected server.\nThe update addresses the vulnerability by changing how ASP.NET and .NET handle requests.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1477.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1477.json index 441003319ea..7c0e249a946 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1477.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1477.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1477", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:15.427", - "lastModified": "2024-01-04T02:15:13.010", + "lastModified": "2024-01-19T00:15:11.677", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.
\nThe security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.
\n" + "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.\nThe security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1478.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1478.json index 5265fadf6d1..2560043acc5 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1478.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1478.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1478", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:15.490", - "lastModified": "2024-01-04T02:15:13.210", + "lastModified": "2024-01-19T00:15:11.780", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.
\nThe security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.
\n" + "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.\nThe security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1479.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1479.json index f236fe4d597..b0efb6ed036 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1479.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1479.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1479", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:15.553", - "lastModified": "2024-01-04T02:15:13.393", + "lastModified": "2024-01-19T00:15:11.893", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
\nThe update addresses the vulnerability by correcting how DirectX handles objects in memory.
\n" + "value": "An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.\nThe update addresses the vulnerability by correcting how DirectX handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1480.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1480.json index 6734d8e5a92..ff974af7fea 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1480.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1480.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1480", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:15.617", - "lastModified": "2024-01-04T02:15:13.470", + "lastModified": "2024-01-19T00:15:11.970", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
\nThe update addresses the vulnerability by correcting how GDI handles objects in memory and by preventing instances of unintended user-mode privilege elevation.
\n" + "value": "An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.\nThe update addresses the vulnerability by correcting how GDI handles objects in memory and by preventing instances of unintended user-mode privilege elevation.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1483.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1483.json index e7c8383d91e..cf563dfeff7 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1483.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1483.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1483", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:15.677", - "lastModified": "2024-01-04T02:15:13.657", + "lastModified": "2024-01-19T00:15:12.053", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
\nNote that where severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector.
\nThe security update addresses the vulnerability by correcting how Outlook handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.\nNote that where severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector.\nThe security update addresses the vulnerability by correcting how Outlook handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1484.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1484.json index a23db7972d4..f1e0bece930 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1484.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1484.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1484", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:15.740", - "lastModified": "2024-01-04T02:15:13.837", + "lastModified": "2024-01-19T00:15:12.150", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Work Folders Service handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Work Folders Service handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1485.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1485.json index a580011a71d..ca150a2db50 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1485.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1485.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1485", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:15.803", - "lastModified": "2024-01-04T02:15:13.903", + "lastModified": "2024-01-19T00:15:12.213", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.
\nTo exploit the vulnerability, an authenticated attacker could connect an imaging device (camera, scanner, cellular phone) to an affected system and run a specially crafted application to disclose information.
\nThe security update addresses the vulnerability by correcting how the WIA Service handles objects in memory.
\n" + "value": "An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\nTo exploit the vulnerability, an authenticated attacker could connect an imaging device (camera, scanner, cellular phone) to an affected system and run a specially crafted application to disclose information.\nThe security update addresses the vulnerability by correcting how the WIA Service handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1486.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1486.json index b7c9d467ecd..9892fb7e9d2 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1486.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1486.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1486", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:15.867", - "lastModified": "2024-01-04T02:15:14.093", + "lastModified": "2024-01-19T00:15:12.313", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.
\nThe update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.\nThe update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1487.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1487.json index f7aa52a2514..5ee3fdbdcf9 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1487.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1487.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1487", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:15.927", - "lastModified": "2024-01-04T02:15:14.303", + "lastModified": "2024-01-19T00:15:12.413", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.
\nTo exploit this vulnerability, an attacker would have to log onto an affected system and open a specially crafted file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.
\nThe update addresses the vulnerability by correcting how Media Foundation handles objects in memory.
\n" + "value": "An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\nTo exploit this vulnerability, an attacker would have to log onto an affected system and open a specially crafted file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.\nThe update addresses the vulnerability by correcting how Media Foundation handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1488.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1488.json index 78960bde5de..f3f2011d46b 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1488.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1488.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1488", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:15.973", - "lastModified": "2024-01-04T02:15:14.507", + "lastModified": "2024-01-19T00:15:12.520", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.
\nTo exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.\nTo exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1489.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1489.json index f1a104dcdda..f8132e349fe 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1489.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1489.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1489", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:16.037", - "lastModified": "2024-01-04T02:15:14.693", + "lastModified": "2024-01-19T00:15:12.610", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows CSC Service handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows CSC Service handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1490.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1490.json index 2737217f51c..58f2892cfd6 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1490.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1490.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1490", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:16.100", - "lastModified": "2024-01-04T02:15:14.903", + "lastModified": "2024-01-19T00:15:12.710", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.
\nTo exploit the vulnerability, an attacker would first have to gain execution on the victim system, then run a specially crafted application.
\nThe security update addresses the vulnerability by correcting how the Storage Services handles file operations.
\n" + "value": "An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.\nTo exploit the vulnerability, an attacker would first have to gain execution on the victim system, then run a specially crafted application.\nThe security update addresses the vulnerability by correcting how the Storage Services handles file operations.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1492.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1492.json index 9dcbf447ccb..c4721c49541 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1492.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1492.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1492", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:16.163", - "lastModified": "2024-01-04T02:15:14.980", + "lastModified": "2024-01-19T00:15:12.780", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.
\nThe security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.
\n" + "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.\nThe security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1493.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1493.json index ef46c5b4247..ff34d5d08de 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1493.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1493.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1493", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:16.210", - "lastModified": "2024-01-04T02:15:15.050", + "lastModified": "2024-01-19T00:15:12.853", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users.
\nTo exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting.
\nThe security update addresses the vulnerability by correcting how Outlook handles file attachment links.
\n" + "value": "An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users.\nTo exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting.\nThe security update addresses the vulnerability by correcting how Outlook handles file attachment links.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1494.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1494.json index dd6ddf0ad05..b2a6c4c1a54 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1494.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1494.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1494", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:16.270", - "lastModified": "2024-01-04T02:15:15.137", + "lastModified": "2024-01-19T00:15:12.930", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
\nThe security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.\nThe security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1495.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1495.json index 5a95c0df493..d54c4d0d755 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1495.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1495.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1495", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:16.350", - "lastModified": "2024-01-04T02:15:15.213", + "lastModified": "2024-01-19T00:15:12.997", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
\nThe security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.\nThe security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1496.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1496.json index 6c3aa63761a..d0dcf756b9b 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1496.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1496.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1496", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:16.413", - "lastModified": "2024-01-04T02:15:15.290", + "lastModified": "2024-01-19T00:15:13.067", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
\nThe security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.\nThe security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1497.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1497.json index c685c00c69a..293c0ee1b79 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1497.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1497.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1497", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:16.473", - "lastModified": "2024-01-04T02:15:15.367", + "lastModified": "2024-01-19T00:15:13.143", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user\u2019s computer or data.
\nTo exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.
\nThe update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.
\n" + "value": "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user\u2019s computer or data.\nTo exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.\nThe update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1498.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1498.json index b3c6204cd2b..01a67930867 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1498.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1498.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1498", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:16.537", - "lastModified": "2024-01-04T02:15:15.440", + "lastModified": "2024-01-19T00:15:13.210", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
\nThe security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.\nThe security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-14xx/CVE-2020-1499.json b/CVE-2020/CVE-2020-14xx/CVE-2020-1499.json index 371f735b623..77494635ad2 100644 --- a/CVE-2020/CVE-2020-14xx/CVE-2020-1499.json +++ b/CVE-2020/CVE-2020-14xx/CVE-2020-1499.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1499", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:16.600", - "lastModified": "2024-01-04T02:15:15.577", + "lastModified": "2024-01-19T00:15:13.283", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.
\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
\n" + "value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1500.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1500.json index 381d3214803..64c0ebae09f 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1500.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1500.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1500", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:16.647", - "lastModified": "2024-01-04T02:15:15.660", + "lastModified": "2024-01-19T00:15:13.350", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.
\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
\n" + "value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1501.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1501.json index 0064c3c017e..efe4d73c399 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1501.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1501.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1501", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:16.710", - "lastModified": "2024-01-04T02:15:15.727", + "lastModified": "2024-01-19T00:15:13.407", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.
\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
\n" + "value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1502.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1502.json index 3406953f3d9..8a86b9d0118 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1502.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1502.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1502", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:16.770", - "lastModified": "2024-01-04T02:15:15.807", + "lastModified": "2024-01-19T00:15:13.467", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user\u2019s computer or data.
\nTo exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.
\nThe update addresses the vulnerability by changing the way certain Word functions handle objects in memory.
\n" + "value": "An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user\u2019s computer or data.\nTo exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.\nThe update addresses the vulnerability by changing the way certain Word functions handle objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1503.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1503.json index b12be055cbe..6571855fae4 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1503.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1503.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1503", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:16.817", - "lastModified": "2024-01-04T02:15:15.877", + "lastModified": "2024-01-19T00:15:13.563", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user\u2019s computer or data.
\nTo exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.
\nThe update addresses the vulnerability by changing the way certain Word functions handle objects in memory.
\n" + "value": "An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user\u2019s computer or data.\nTo exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.\nThe update addresses the vulnerability by changing the way certain Word functions handle objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1504.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1504.json index 588b2373d55..612cae51cb1 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1504.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1504.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1504", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:16.880", - "lastModified": "2024-01-04T02:15:15.960", + "lastModified": "2024-01-19T00:15:13.657", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
\nThe security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.\nThe security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1505.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1505.json index 282e3f6bf98..00e66b08b2a 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1505.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1505.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1505", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:16.943", - "lastModified": "2024-01-04T02:15:16.163", + "lastModified": "2024-01-19T00:15:13.750", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.
\nTo exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
\nThe security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.
\n" + "value": "An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\nTo exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\nThe security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1509.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1509.json index b0309138dc9..7ffd204c19c 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1509.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1509.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1509", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:17.007", - "lastModified": "2024-01-04T02:15:16.333", + "lastModified": "2024-01-19T00:15:13.837", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service.
\nThe security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.
\n" + "value": "An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service.\nThe security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1510.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1510.json index 731a2809d3b..c41aadf6906 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1510.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1510.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1510", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:17.067", - "lastModified": "2024-01-04T02:15:16.540", + "lastModified": "2024-01-19T00:15:13.933", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.
\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
\nThe security update addresses the vulnerability by correcting how win32k handles objects in memory.
\n" + "value": "An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\nThe security update addresses the vulnerability by correcting how win32k handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1511.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1511.json index cf1a31de25b..5e972c9b62b 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1511.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1511.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1511", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:17.117", - "lastModified": "2024-01-04T02:15:16.730", + "lastModified": "2024-01-19T00:15:14.030", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
\nAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.
\nThe security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations.
\n" + "value": "An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.\nAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.\nThe security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1512.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1512.json index f650b2e25ff..08a802e735e 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1512.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1512.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1512", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:17.177", - "lastModified": "2024-01-04T02:15:16.940", + "lastModified": "2024-01-19T00:15:14.123", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.
\nAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.
\nThe update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory.
\n" + "value": "An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\nAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.\nThe update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1513.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1513.json index 690b6aafcc0..593344e4c1f 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1513.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1513.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1513", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:17.240", - "lastModified": "2024-01-04T02:15:17.200", + "lastModified": "2024-01-19T00:15:14.230", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows CSC Service handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows CSC Service handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1515.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1515.json index bb80384a441..e90071f23c9 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1515.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1515.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1515", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:17.317", - "lastModified": "2024-01-04T02:15:17.410", + "lastModified": "2024-01-19T00:15:14.330", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Telephony Server handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Telephony Server handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1516.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1516.json index 330ca984c97..82314a8789b 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1516.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1516.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1516", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:17.380", - "lastModified": "2024-01-04T02:15:17.630", + "lastModified": "2024-01-19T00:15:14.437", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Work Folders Service handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Work Folders Service handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1517.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1517.json index 52ecb649694..c7d10fe6815 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1517.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1517.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1517", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:17.460", - "lastModified": "2024-01-04T02:15:17.827", + "lastModified": "2024-01-19T00:15:14.540", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows File Server Resource Management Service handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows File Server Resource Management Service handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1518.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1518.json index 83282c8138b..0d80743399a 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1518.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1518.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1518", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:17.537", - "lastModified": "2024-01-04T02:15:18.037", + "lastModified": "2024-01-19T00:15:14.640", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows File Server Resource Management Service handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows File Server Resource Management Service handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1519.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1519.json index ee850ac76a9..57c0f5c3f0b 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1519.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1519.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1519", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:17.600", - "lastModified": "2024-01-04T02:15:18.250", + "lastModified": "2024-01-19T00:15:14.747", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows UPnP Device Host handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows UPnP Device Host handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1520.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1520.json index 07319aba52d..6b01ea5d12f 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1520.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1520.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1520", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:17.663", - "lastModified": "2024-01-04T02:15:18.453", + "lastModified": "2024-01-19T00:15:14.850", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory.
\nAn attacker who successfully exploited the vulnerability would gain execution on a victim system.
\nThe security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory.
\n" + "value": "A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory.\nAn attacker who successfully exploited the vulnerability would gain execution on a victim system.\nThe security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1521.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1521.json index 4b81ad25c29..decc8501998 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1521.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1521.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1521", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:17.740", - "lastModified": "2024-01-04T02:15:18.677", + "lastModified": "2024-01-19T00:15:14.957", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Speech Runtime handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Speech Runtime handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1522.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1522.json index 7e1d5d0fc58..5620fdec462 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1522.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1522.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1522", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:17.817", - "lastModified": "2024-01-04T02:15:18.883", + "lastModified": "2024-01-19T00:15:15.053", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Speech Runtime handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Speech Runtime handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1524.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1524.json index 06319ceafa4..d4e94f9b36d 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1524.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1524.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1524", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:17.880", - "lastModified": "2024-01-04T02:15:19.107", + "lastModified": "2024-01-19T00:15:15.140", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Speech Shell Components handle memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Speech Shell Components handle memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1525.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1525.json index 1679bacd79b..2d515796803 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1525.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1525.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1525", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:17.960", - "lastModified": "2024-01-04T02:15:19.293", + "lastModified": "2024-01-19T00:15:15.230", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.
\nThe security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.
\n" + "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.\nThe security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1526.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1526.json index 0d7e2b71d84..61ae636d6c6 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1526.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1526.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1526", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:18.037", - "lastModified": "2024-01-04T02:15:19.483", + "lastModified": "2024-01-19T00:15:15.310", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Network Connection Broker handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Network Connection Broker handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1527.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1527.json index 01c83e6ac81..a83ee91024d 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1527.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1527.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1527", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:18.100", - "lastModified": "2024-01-04T02:15:19.667", + "lastModified": "2024-01-19T00:15:15.400", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Custom Protocol Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Custom Protocol Engine handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1528.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1528.json index 395ded5a3b3..d99a902f096 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1528.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1528.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1528", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:18.177", - "lastModified": "2024-01-04T02:15:19.857", + "lastModified": "2024-01-19T00:15:15.490", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Radio Manager API handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Radio Manager API handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1529.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1529.json index 8f5e462410b..8aea0da2280 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1529.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1529.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1529", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:18.240", - "lastModified": "2024-01-04T02:15:20.050", + "lastModified": "2024-01-19T00:15:15.583", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
\nThe update addresses the vulnerability by correcting how GDI handles objects in memory and by preventing instances of unintended user-mode privilege elevation.
\n" + "value": "An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.\nThe update addresses the vulnerability by correcting how GDI handles objects in memory and by preventing instances of unintended user-mode privilege elevation.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1530.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1530.json index a224d14e1d9..aebe5a47342 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1530.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1530.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1530", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:18.303", - "lastModified": "2024-01-04T02:15:20.240", + "lastModified": "2024-01-19T00:15:15.673", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how Windows Remote Access handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how Windows Remote Access handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1531.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1531.json index 85c242d8309..ddf778400d7 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1531.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1531.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1531", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:18.367", - "lastModified": "2024-01-04T02:15:20.433", + "lastModified": "2024-01-19T00:15:15.770", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Accounts Control handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Accounts Control handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1533.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1533.json index d5dfcc3c4bb..124351c35c0 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1533.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1533.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1533", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:18.443", - "lastModified": "2024-01-04T02:15:20.677", + "lastModified": "2024-01-19T00:15:15.860", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
\nTo exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
\nThe security update addresses the vulnerability by ensuring the Windows WalletService properly handles objects in memory.
\n" + "value": "An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\nTo exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.\nThe security update addresses the vulnerability by ensuring the Windows WalletService properly handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1534.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1534.json index 5f9335bb88f..24e29d5d7d6 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1534.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1534.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1534", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:18.507", - "lastModified": "2024-01-04T02:15:20.870", + "lastModified": "2024-01-19T00:15:15.960", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Service handles file operations.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1535.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1535.json index 203ad9115b5..17039f94164 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1535.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1535.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1535", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:18.567", - "lastModified": "2024-01-04T02:15:21.087", + "lastModified": "2024-01-19T00:15:16.050", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1536.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1536.json index d203ece7504..972223092d8 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1536.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1536.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1536", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:18.630", - "lastModified": "2024-01-04T02:15:21.270", + "lastModified": "2024-01-19T00:15:16.140", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1537.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1537.json index fae33ff3168..7b0c8784ccc 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1537.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1537.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1537", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:18.727", - "lastModified": "2024-01-04T02:15:21.467", + "lastModified": "2024-01-19T00:15:16.233", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.
\nTo exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.
\nThe security update addresses the vulnerability by ensuring the Windows Remote Access properly handles file operations.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.\nTo exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.\nThe security update addresses the vulnerability by ensuring the Windows Remote Access properly handles file operations.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1538.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1538.json index 480e3973d43..a19aa04c103 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1538.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1538.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1538", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:18.787", - "lastModified": "2024-01-04T02:15:21.667", + "lastModified": "2024-01-19T00:15:16.333", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows UPnP Device Host handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows UPnP Device Host handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1539.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1539.json index b18f5d1ce33..0d854ee79a7 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1539.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1539.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1539", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:18.833", - "lastModified": "2024-01-04T02:15:21.863", + "lastModified": "2024-01-19T00:15:16.430", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1540.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1540.json index 7c7d99d5f2f..e4797baa80d 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1540.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1540.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1540", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:18.897", - "lastModified": "2024-01-04T02:15:22.077", + "lastModified": "2024-01-19T00:15:16.520", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1541.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1541.json index 14e6107d2cb..eda0205e857 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1541.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1541.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1541", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:18.960", - "lastModified": "2024-01-04T02:15:22.280", + "lastModified": "2024-01-19T00:15:16.620", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1542.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1542.json index 5cefe7c0b01..15f25bcb8fc 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1542.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1542.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1542", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:19.020", - "lastModified": "2024-01-04T02:15:22.473", + "lastModified": "2024-01-19T00:15:16.710", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1543.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1543.json index 951b7595f0e..67cf8bd14eb 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1543.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1543.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1543", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:19.083", - "lastModified": "2024-01-04T02:15:22.687", + "lastModified": "2024-01-19T00:15:16.800", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1544.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1544.json index 524d2c66512..f62b40af19a 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1544.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1544.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1544", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:19.147", - "lastModified": "2024-01-04T02:15:22.900", + "lastModified": "2024-01-19T00:15:16.890", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1545.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1545.json index 105d57ca03e..2fa8de8d82b 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1545.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1545.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1545", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:19.210", - "lastModified": "2024-01-04T02:15:23.093", + "lastModified": "2024-01-19T00:15:16.980", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1546.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1546.json index 548888f01d3..bbfb0789352 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1546.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1546.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1546", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:19.270", - "lastModified": "2024-01-04T02:15:23.280", + "lastModified": "2024-01-19T00:15:17.080", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1547.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1547.json index 83bbb6fd927..82cd2f1665a 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1547.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1547.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1547", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:19.333", - "lastModified": "2024-01-04T02:15:23.507", + "lastModified": "2024-01-19T00:15:17.180", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1548.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1548.json index 9bc39a21be9..438bbd545ee 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1548.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1548.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1548", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:19.397", - "lastModified": "2024-01-04T02:15:23.713", + "lastModified": "2024-01-19T00:15:17.280", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to improperly disclose memory.
\nThe security update addresses the vulnerability by correcting how the Windows WaasMedic Service handles memory.
\n" + "value": "An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to improperly disclose memory.\nThe security update addresses the vulnerability by correcting how the Windows WaasMedic Service handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1549.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1549.json index 9fe0842df59..312adb06c69 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1549.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1549.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1549", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:19.460", - "lastModified": "2024-01-04T02:15:23.910", + "lastModified": "2024-01-19T00:15:17.377", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows CDP User Components handle memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows CDP User Components handle memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1550.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1550.json index b5352b80e9d..b083a69a9f8 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1550.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1550.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1550", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:19.520", - "lastModified": "2024-01-04T02:15:24.093", + "lastModified": "2024-01-19T00:15:17.460", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows CDP User Components handle memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows CDP User Components handle memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1551.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1551.json index 058b51796a3..8d0d070b4f2 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1551.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1551.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1551", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:19.600", - "lastModified": "2024-01-04T02:15:24.163", + "lastModified": "2024-01-19T00:15:17.533", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Backup Engine handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1552.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1552.json index 968541ad297..e1678ce597b 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1552.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1552.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1552", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:19.677", - "lastModified": "2024-01-04T02:15:24.357", + "lastModified": "2024-01-19T00:15:17.637", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
\nAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.
\nThe update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.\nAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.\nThe update addresses the vulnerability by correcting the way the Windows Work Folder Service handles file operations.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1553.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1553.json index a8b92706639..19707cec5cb 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1553.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1553.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1553", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:19.757", - "lastModified": "2024-01-04T02:15:24.543", + "lastModified": "2024-01-19T00:15:17.733", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.
\nAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.
\nThe update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.\nAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.\nThe update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1554.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1554.json index 50e6d07bee9..cc914634f41 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1554.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1554.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1554", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:19.817", - "lastModified": "2024-01-04T02:15:24.630", + "lastModified": "2024-01-19T00:15:17.817", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.
\nThe security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.
\n" + "value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.\nThe security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1555.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1555.json index 8dceacc78a7..ee5bdb30e77 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1555.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1555.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1555", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:19.897", - "lastModified": "2024-01-04T02:15:24.710", + "lastModified": "2024-01-19T00:15:17.887", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1556.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1556.json index 2ab1980c4c9..d248796df61 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1556.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1556.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1556", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:19.960", - "lastModified": "2024-01-04T02:15:24.800", + "lastModified": "2024-01-19T00:15:17.963", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
\nTo exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
\nThe security update addresses the vulnerability by ensuring the Windows WalletService properly handles objects in memory.
\n" + "value": "An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\nTo exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.\nThe security update addresses the vulnerability by ensuring the Windows WalletService properly handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1557.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1557.json index b843b5f104f..3e3ef22c5f7 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1557.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1557.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1557", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:20.037", - "lastModified": "2024-01-04T02:15:24.873", + "lastModified": "2024-01-19T00:15:18.043", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
\nAn attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.
\nThe update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.\nAn attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.\nThe update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1558.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1558.json index 230773eb650..c94630a901b 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1558.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1558.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1558", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:20.117", - "lastModified": "2024-01-04T02:15:25.093", + "lastModified": "2024-01-19T00:15:18.140", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
\nAn attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.
\nThe update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.\nAn attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.\nThe update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1560.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1560.json index b8b64b197cc..f7b0852737f 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1560.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1560.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1560", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:20.177", - "lastModified": "2024-01-04T02:15:25.290", + "lastModified": "2024-01-19T00:15:18.240", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nExploitation of the vulnerability requires that a program process a specially crafted image file.
\nThe update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nExploitation of the vulnerability requires that a program process a specially crafted image file.\nThe update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1561.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1561.json index 848e2c00ecf..532d96254f8 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1561.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1561.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1561", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:20.257", - "lastModified": "2024-01-04T02:15:25.510", + "lastModified": "2024-01-19T00:15:18.337", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.
\nTo exploit the vulnerability, a user would have to open a specially crafted file.
\nThe security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.
\n" + "value": "A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.\nTo exploit the vulnerability, a user would have to open a specially crafted file.\nThe security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1562.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1562.json index 7c9e849ceab..9e0f18c884c 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1562.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1562.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1562", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:20.317", - "lastModified": "2024-01-04T02:15:25.607", + "lastModified": "2024-01-19T00:15:18.403", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.
\nTo exploit the vulnerability, a user would have to open a specially crafted file.
\nThe security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.
\n" + "value": "A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.\nTo exploit the vulnerability, a user would have to open a specially crafted file.\nThe security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1563.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1563.json index 4a7c11bccb6..6851af626bf 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1563.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1563.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1563", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:20.380", - "lastModified": "2024-01-04T02:15:25.687", + "lastModified": "2024-01-19T00:15:18.480", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
\nThe security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.\nThe security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1564.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1564.json index 6c0791cab52..5ab028ef347 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1564.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1564.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1564", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:20.460", - "lastModified": "2024-01-04T02:15:25.777", + "lastModified": "2024-01-19T00:15:18.560", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
\nAn attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.
\nThe update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.\nAn attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.\nThe update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1565.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1565.json index f6f11c8b605..5530b4c5b15 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1565.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1565.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1565", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:20.523", - "lastModified": "2024-01-04T02:15:25.843", + "lastModified": "2024-01-19T00:15:18.637", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how Windows handles junctions.
\n" + "value": "An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how Windows handles junctions.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1566.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1566.json index 4242093d618..511ce46e047 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1566.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1566.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1566", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:20.583", - "lastModified": "2024-01-04T02:15:26.047", + "lastModified": "2024-01-19T00:15:18.730", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.
\nThe update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.\nThe update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1567.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1567.json index 74ce6eb4c58..145f8adceee 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1567.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1567.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1567", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:20.663", - "lastModified": "2024-01-04T02:15:26.270", + "lastModified": "2024-01-19T00:15:18.873", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.
\nAn attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nIn a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability.
\nThe security update addresses the vulnerability by modifying how MSHTML engine validates input.
\n" + "value": "A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.\nAn attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nIn a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability.\nThe security update addresses the vulnerability by modifying how MSHTML engine validates input.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1568.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1568.json index 7b461dd60bf..950720053e9 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1568.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1568.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1568", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:20.727", - "lastModified": "2024-01-04T02:15:26.483", + "lastModified": "2024-01-19T00:15:18.990", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nTo exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that contains malicious PDF content. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted PDF content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.
\nThe security update addresses the vulnerability by modifying how Microsoft Edge PDF Reader handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nTo exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that contains malicious PDF content. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted PDF content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.\nThe security update addresses the vulnerability by modifying how Microsoft Edge PDF Reader handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1569.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1569.json index a4d92f2f280..e06ce32f18c 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1569.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1569.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1569", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:20.803", - "lastModified": "2024-01-04T02:15:26.673", + "lastModified": "2024-01-19T00:15:19.090", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nAn attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.
\nThe security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nAn attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.\nThe security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1570.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1570.json index c7508279689..77edbb68c05 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1570.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1570.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1570", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:20.880", - "lastModified": "2024-01-04T02:15:26.860", + "lastModified": "2024-01-19T00:15:19.187", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1571.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1571.json index 047505808c4..421dd6cfa9c 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1571.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1571.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1571", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:20.960", - "lastModified": "2024-01-04T02:15:26.937", + "lastModified": "2024-01-19T00:15:19.257", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions.
\nA locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nThe security update addresses the vulnerability by ensuring Windows Setup properly handles permissions.
\n" + "value": "An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions.\nA locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nThe security update addresses the vulnerability by ensuring Windows Setup properly handles permissions.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1573.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1573.json index fdd82d6e15f..16866b63734 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1573.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1573.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1573", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:21.023", - "lastModified": "2024-01-04T02:15:27.123", + "lastModified": "2024-01-19T00:15:19.350", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.
\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
\n" + "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1574.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1574.json index 00ee7a52b9b..00f02a9090b 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1574.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1574.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1574", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:21.100", - "lastModified": "2024-01-04T02:15:27.310", + "lastModified": "2024-01-19T00:15:19.437", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.
\nExploitation of the vulnerability requires that a program process a specially crafted image file.
\nThe update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.\nExploitation of the vulnerability requires that a program process a specially crafted image file.\nThe update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1577.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1577.json index 6aed912e87c..6ca50ec40e1 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1577.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1577.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1577", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:21.163", - "lastModified": "2024-01-04T02:15:27.483", + "lastModified": "2024-01-19T00:15:19.527", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.
\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.
\nThe security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
\n" + "value": "An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.\nThe security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1578.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1578.json index d6e77335869..f2eb60dfab6 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1578.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1578.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1578", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:21.240", - "lastModified": "2024-01-04T02:15:27.667", + "lastModified": "2024-01-19T00:15:19.627", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.
\nTo exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
\nThe security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.
\n" + "value": "An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.\nTo exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\nThe security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1579.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1579.json index 835e2923a70..4ec32a026a5 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1579.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1579.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1579", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:21.317", - "lastModified": "2024-01-04T02:15:27.743", + "lastModified": "2024-01-19T00:15:19.697", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Function Discovery SSDP Provider handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Function Discovery SSDP Provider handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1580.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1580.json index 1ae605b0b7e..5ec61b49ebc 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1580.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1580.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1580", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:21.380", - "lastModified": "2024-01-04T02:15:27.827", + "lastModified": "2024-01-19T00:15:19.770", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.
\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
\n" + "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1581.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1581.json index c11b4de0609..db094d422cf 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1581.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1581.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1581", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:21.443", - "lastModified": "2024-01-04T02:15:27.913", + "lastModified": "2024-01-19T00:15:19.847", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to execute code on the system.
\nAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.
\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle objects in memory.
\n" + "value": "An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to execute code on the system.\nAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.\nThe security update addresses the vulnerability by correcting how Microsoft Office Click-to-Run (C2R) components handle objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1582.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1582.json index 0aaee02ae67..c3cc96becf2 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1582.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1582.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1582", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:21.523", - "lastModified": "2024-01-04T02:15:27.987", + "lastModified": "2024-01-19T00:15:19.910", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Access. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
\nThe security update addresses the vulnerability by correcting how Microsoft Access handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Access. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.\nThe security update addresses the vulnerability by correcting how Microsoft Access handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1583.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1583.json index 7b3b9c5cacc..973717e9ced 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1583.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1583.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1583", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:21.600", - "lastModified": "2024-01-04T02:15:28.197", + "lastModified": "2024-01-19T00:15:20.010", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user\u2019s computer or data.
\nTo exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.
\nThe update addresses the vulnerability by changing the way certain Word functions handle objects in memory.
\n" + "value": "An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user\u2019s computer or data.\nTo exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.\nThe update addresses the vulnerability by changing the way certain Word functions handle objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1584.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1584.json index ae44f7bc003..fbb2189080c 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1584.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1584.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1584", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:21.663", - "lastModified": "2024-01-04T02:15:28.393", + "lastModified": "2024-01-19T00:15:20.120", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
\nTo exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
\nThe security update addresses the vulnerability by ensuring the dnsrslvr.dll properly handles objects in memory.
\n" + "value": "An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\nTo exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.\nThe security update addresses the vulnerability by ensuring the dnsrslvr.dll properly handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1585.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1585.json index 989d641e8b8..ab6c917f23a 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1585.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1585.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1585", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:21.727", - "lastModified": "2024-01-04T02:15:28.600", + "lastModified": "2024-01-19T00:15:20.223", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
\nExploitation of the vulnerability requires that a program process a specially crafted image file.
\nThe update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.
\n" + "value": "A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nExploitation of the vulnerability requires that a program process a specially crafted image file.\nThe update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1587.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1587.json index ffed7f42f79..a555688158e 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1587.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1587.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1587", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:21.803", - "lastModified": "2024-01-04T02:15:28.667", + "lastModified": "2024-01-19T00:15:20.300", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory.
\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
\nThe security update addresses the vulnerability by correcting how the Windows Ancillary Function Driver for WinSock handles memory.
\n" + "value": "An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory.\nTo exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.\nThe security update addresses the vulnerability by correcting how the Windows Ancillary Function Driver for WinSock handles memory.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1591.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1591.json index 3c3c04d3fba..a2548b3409d 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1591.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1591.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1591", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:21.867", - "lastModified": "2024-01-04T02:15:28.740", + "lastModified": "2024-01-19T00:15:20.377", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.
\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.
\nThe security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests.
\n" + "value": "A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.\nThe security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests.\n" }, { "lang": "es", diff --git a/CVE-2020/CVE-2020-15xx/CVE-2020-1597.json b/CVE-2020/CVE-2020-15xx/CVE-2020-1597.json index ef2068331ab..306487c8524 100644 --- a/CVE-2020/CVE-2020-15xx/CVE-2020-1597.json +++ b/CVE-2020/CVE-2020-15xx/CVE-2020-1597.json @@ -2,12 +2,12 @@ "id": "CVE-2020-1597", "sourceIdentifier": "secure@microsoft.com", "published": "2020-08-17T19:15:21.927", - "lastModified": "2024-01-04T02:15:28.820", + "lastModified": "2024-01-19T00:15:20.457", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.
\nA remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.
\nThe update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.
\n" + "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.\nA remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.\nThe update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.\n" }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0693.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0693.json new file mode 100644 index 00000000000..3af8e417a7e --- /dev/null +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0693.json @@ -0,0 +1,96 @@ +{ + "id": "CVE-2024-0693", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-18T23:15:08.493", + "lastModified": "2024-01-18T23:15:08.493", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic was found in EFS Easy File Sharing FTP 2.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251479. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL", + "baseScore": 5.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-404" + } + ] + } + ], + "references": [ + { + "url": "https://0day.today/exploit/description/39218", + "source": "cna@vuldb.com" + }, + { + "url": "https://packetstormsecurity.com/files/176377/Easy-File-Sharing-FTP-Server-2.0-Denial-Of-Service.html", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.251479", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.251479", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.youtube.com/watch?v=Rcl6VWg_bPY", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0695.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0695.json new file mode 100644 index 00000000000..0bfb76fb457 --- /dev/null +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0695.json @@ -0,0 +1,96 @@ +{ + "id": "CVE-2024-0695", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-18T23:15:08.720", + "lastModified": "2024-01-18T23:15:08.720", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, has been found in EFS Easy Chat Server 3.1. Affected by this issue is some unknown functionality of the component HTTP GET Request Handler. The manipulation of the argument USERNAME leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251480. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-404" + } + ] + } + ], + "references": [ + { + "url": "https://packetstormsecurity.com/files/176381/Easy-Chat-Server-3.1-Denial-Of-Service.html", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.251480", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.251480", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.exploitalert.com/view-details.html?id=40072", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.youtube.com/watch?v=nGyS2Rp5aEo", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0696.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0696.json new file mode 100644 index 00000000000..44afff0b0a6 --- /dev/null +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0696.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0696", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-18T23:15:08.940", + "lastModified": "2024-01-18T23:15:08.940", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, was found in AtroCore AtroPIM 1.8.4. This affects an unknown part of the file /#ProductSerie/view/ of the component Product Series Overview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251481 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://pasteboard.co/wsTTLjp5UEPq.png", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.251481", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.251481", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 250e4ba51f2..c3fadb0ed8c 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-18T23:00:25.033958+00:00 +2024-01-19T00:55:24.754098+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-18T22:15:11.100000+00:00 +2024-01-19T00:15:20.457000+00:00 ``` ### Last Data Feed Release @@ -29,51 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -236343 +236346 ``` ### CVEs added in the last Commit -Recently added CVEs: `21` +Recently added CVEs: `3` -* [CVE-2023-47092](CVE-2023/CVE-2023-470xx/CVE-2023-47092.json) (`2024-01-18T21:15:08.177`) -* [CVE-2023-51217](CVE-2023/CVE-2023-512xx/CVE-2023-51217.json) (`2024-01-18T21:15:08.243`) -* [CVE-2023-51258](CVE-2023/CVE-2023-512xx/CVE-2023-51258.json) (`2024-01-18T21:15:08.293`) -* [CVE-2023-43815](CVE-2023/CVE-2023-438xx/CVE-2023-43815.json) (`2024-01-18T22:15:08.717`) -* [CVE-2023-43816](CVE-2023/CVE-2023-438xx/CVE-2023-43816.json) (`2024-01-18T22:15:08.957`) -* [CVE-2023-43817](CVE-2023/CVE-2023-438xx/CVE-2023-43817.json) (`2024-01-18T22:15:09.183`) -* [CVE-2023-43818](CVE-2023/CVE-2023-438xx/CVE-2023-43818.json) (`2024-01-18T22:15:09.383`) -* [CVE-2023-43819](CVE-2023/CVE-2023-438xx/CVE-2023-43819.json) (`2024-01-18T22:15:09.587`) -* [CVE-2023-43820](CVE-2023/CVE-2023-438xx/CVE-2023-43820.json) (`2024-01-18T22:15:09.800`) -* [CVE-2023-43821](CVE-2023/CVE-2023-438xx/CVE-2023-43821.json) (`2024-01-18T22:15:10.017`) -* [CVE-2023-43822](CVE-2023/CVE-2023-438xx/CVE-2023-43822.json) (`2024-01-18T22:15:10.220`) -* [CVE-2023-43823](CVE-2023/CVE-2023-438xx/CVE-2023-43823.json) (`2024-01-18T22:15:10.430`) -* [CVE-2023-43824](CVE-2023/CVE-2023-438xx/CVE-2023-43824.json) (`2024-01-18T22:15:10.630`) -* [CVE-2023-50614](CVE-2023/CVE-2023-506xx/CVE-2023-50614.json) (`2024-01-18T22:15:10.843`) -* [CVE-2023-5130](CVE-2023/CVE-2023-51xx/CVE-2023-5130.json) (`2024-01-18T22:15:10.890`) -* [CVE-2023-5131](CVE-2023/CVE-2023-51xx/CVE-2023-5131.json) (`2024-01-18T22:15:11.100`) -* [CVE-2024-22401](CVE-2024/CVE-2024-224xx/CVE-2024-22401.json) (`2024-01-18T21:15:08.343`) -* [CVE-2024-22402](CVE-2024/CVE-2024-224xx/CVE-2024-22402.json) (`2024-01-18T21:15:08.590`) -* [CVE-2024-22404](CVE-2024/CVE-2024-224xx/CVE-2024-22404.json) (`2024-01-18T21:15:08.830`) -* [CVE-2024-22415](CVE-2024/CVE-2024-224xx/CVE-2024-22415.json) (`2024-01-18T21:15:09.087`) -* [CVE-2024-22418](CVE-2024/CVE-2024-224xx/CVE-2024-22418.json) (`2024-01-18T21:15:09.323`) +* [CVE-2024-0693](CVE-2024/CVE-2024-06xx/CVE-2024-0693.json) (`2024-01-18T23:15:08.493`) +* [CVE-2024-0695](CVE-2024/CVE-2024-06xx/CVE-2024-0695.json) (`2024-01-18T23:15:08.720`) +* [CVE-2024-0696](CVE-2024/CVE-2024-06xx/CVE-2024-0696.json) (`2024-01-18T23:15:08.940`) ### CVEs modified in the last Commit -Recently modified CVEs: `11` +Recently modified CVEs: `121` -* [CVE-2023-49257](CVE-2023/CVE-2023-492xx/CVE-2023-49257.json) (`2024-01-18T21:13:51.623`) -* [CVE-2023-49256](CVE-2023/CVE-2023-492xx/CVE-2023-49256.json) (`2024-01-18T21:14:03.490`) -* [CVE-2023-49254](CVE-2023/CVE-2023-492xx/CVE-2023-49254.json) (`2024-01-18T21:14:11.877`) -* [CVE-2023-49253](CVE-2023/CVE-2023-492xx/CVE-2023-49253.json) (`2024-01-18T21:14:22.820`) -* [CVE-2023-7028](CVE-2023/CVE-2023-70xx/CVE-2023-7028.json) (`2024-01-18T21:15:51.483`) -* [CVE-2023-6955](CVE-2023/CVE-2023-69xx/CVE-2023-6955.json) (`2024-01-18T21:16:42.053`) -* [CVE-2023-5356](CVE-2023/CVE-2023-53xx/CVE-2023-5356.json) (`2024-01-18T21:17:29.540`) -* [CVE-2023-4812](CVE-2023/CVE-2023-48xx/CVE-2023-4812.json) (`2024-01-18T21:18:27.850`) -* [CVE-2023-2030](CVE-2023/CVE-2023-20xx/CVE-2023-2030.json) (`2024-01-18T21:18:39.847`) -* [CVE-2023-0437](CVE-2023/CVE-2023-04xx/CVE-2023-0437.json) (`2024-01-18T21:18:53.223`) -* [CVE-2023-51063](CVE-2023/CVE-2023-510xx/CVE-2023-51063.json) (`2024-01-18T21:38:53.560`) +* [CVE-2020-1561](CVE-2020/CVE-2020-15xx/CVE-2020-1561.json) (`2024-01-19T00:15:18.337`) +* [CVE-2020-1562](CVE-2020/CVE-2020-15xx/CVE-2020-1562.json) (`2024-01-19T00:15:18.403`) +* [CVE-2020-1563](CVE-2020/CVE-2020-15xx/CVE-2020-1563.json) (`2024-01-19T00:15:18.480`) +* [CVE-2020-1564](CVE-2020/CVE-2020-15xx/CVE-2020-1564.json) (`2024-01-19T00:15:18.560`) +* [CVE-2020-1565](CVE-2020/CVE-2020-15xx/CVE-2020-1565.json) (`2024-01-19T00:15:18.637`) +* [CVE-2020-1566](CVE-2020/CVE-2020-15xx/CVE-2020-1566.json) (`2024-01-19T00:15:18.730`) +* [CVE-2020-1567](CVE-2020/CVE-2020-15xx/CVE-2020-1567.json) (`2024-01-19T00:15:18.873`) +* [CVE-2020-1568](CVE-2020/CVE-2020-15xx/CVE-2020-1568.json) (`2024-01-19T00:15:18.990`) +* [CVE-2020-1569](CVE-2020/CVE-2020-15xx/CVE-2020-1569.json) (`2024-01-19T00:15:19.090`) +* [CVE-2020-1570](CVE-2020/CVE-2020-15xx/CVE-2020-1570.json) (`2024-01-19T00:15:19.187`) +* [CVE-2020-1571](CVE-2020/CVE-2020-15xx/CVE-2020-1571.json) (`2024-01-19T00:15:19.257`) +* [CVE-2020-1573](CVE-2020/CVE-2020-15xx/CVE-2020-1573.json) (`2024-01-19T00:15:19.350`) +* [CVE-2020-1574](CVE-2020/CVE-2020-15xx/CVE-2020-1574.json) (`2024-01-19T00:15:19.437`) +* [CVE-2020-1577](CVE-2020/CVE-2020-15xx/CVE-2020-1577.json) (`2024-01-19T00:15:19.527`) +* [CVE-2020-1578](CVE-2020/CVE-2020-15xx/CVE-2020-1578.json) (`2024-01-19T00:15:19.627`) +* [CVE-2020-1579](CVE-2020/CVE-2020-15xx/CVE-2020-1579.json) (`2024-01-19T00:15:19.697`) +* [CVE-2020-1580](CVE-2020/CVE-2020-15xx/CVE-2020-1580.json) (`2024-01-19T00:15:19.770`) +* [CVE-2020-1581](CVE-2020/CVE-2020-15xx/CVE-2020-1581.json) (`2024-01-19T00:15:19.847`) +* [CVE-2020-1582](CVE-2020/CVE-2020-15xx/CVE-2020-1582.json) (`2024-01-19T00:15:19.910`) +* [CVE-2020-1583](CVE-2020/CVE-2020-15xx/CVE-2020-1583.json) (`2024-01-19T00:15:20.010`) +* [CVE-2020-1584](CVE-2020/CVE-2020-15xx/CVE-2020-1584.json) (`2024-01-19T00:15:20.120`) +* [CVE-2020-1585](CVE-2020/CVE-2020-15xx/CVE-2020-1585.json) (`2024-01-19T00:15:20.223`) +* [CVE-2020-1587](CVE-2020/CVE-2020-15xx/CVE-2020-1587.json) (`2024-01-19T00:15:20.300`) +* [CVE-2020-1591](CVE-2020/CVE-2020-15xx/CVE-2020-1591.json) (`2024-01-19T00:15:20.377`) +* [CVE-2020-1597](CVE-2020/CVE-2020-15xx/CVE-2020-1597.json) (`2024-01-19T00:15:20.457`) ## Download and Usage