admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 11:07:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-31T23:00:26.052769+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-31 23:00:29 +00:00
parent 3e3a2ed269
commit e5ecf99553
130 changed files with 3124 additions and 548 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
CVE-2020/CVE-2020-06xx/CVE-2020-0648.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0648",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:13.057",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:43.680",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows RSoP Service Application Elevation of Privilege Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory.</p>\n<p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.</p>\n<p>The security update addresses the vulnerability by correcting how the Windows RSoP Service Application handles memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-06xx/CVE-2020-0664.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0664",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:13.137",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:43.880",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka 'Active Directory Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0856."
"value": "<p>An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system.</p>\n<p>To exploit this condition, an authenticated attacker would need to send a specially crafted request to the AD|DNS service. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system.</p>\n<p>The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-07xx/CVE-2020-0718.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0718",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:13.510",
"lastModified": "2020-09-28T12:58:11.220",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:44.047",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka 'Active Directory Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0761."
"value": "<p>A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account</p>\n<p>To exploit the vulnerability, an authenticated attacker could send malicious requests to an Active Directory integrated DNS (ADIDNS) server.</p>\n<p>The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-07xx/CVE-2020-0761.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0761",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:13.573",
"lastModified": "2020-09-28T12:58:11.220",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:44.220",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka 'Active Directory Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0718."
"value": "<p>A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account</p>\n<p>To exploit the vulnerability, an authenticated attacker could send malicious requests to an Active Directory integrated DNS (ADIDNS) server.</p>\n<p>The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-07xx/CVE-2020-0766.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0766",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:13.667",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:44.390",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1146."
"value": "<p>An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.</p>\n<p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.</p>\n<p>The security update addresses the vulnerability by correcting how the Microsoft Store Runtime handles memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-07xx/CVE-2020-0782.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0782",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:13.747",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:44.553",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory, aka 'Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. An attacker who successfully exploited this vulnerability could modify the cryptographic catalog.</p>\n<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>\n<p>The security update addresses the vulnerability by addressing how the Windows Cryptographic Catalog Services handle objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-07xx/CVE-2020-0790.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0790",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:13.840",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:44.727",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'."
"value": "<p>A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity.</p>\n<p>This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted.</p>\n<p>The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls..</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-08xx/CVE-2020-0805.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0805",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:13.903",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:44.900",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A security feature bypass vulnerability exists when a Windows Projected Filesystem improperly handles file redirections, aka 'Projected Filesystem Security Feature Bypass Vulnerability'."
"value": "<p>A security feature bypass vulnerability exists when a Windows Projected Filesystem improperly handles file redirections. An attacker who successfully exploited this vulnerability could delete a targeted file they would not have permissions to.</p>\n<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability.</p>\n<p>The security update addresses the vulnerability by correcting how Windows Projected Filesystem handle file redirections.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",

28
CVE-2020/CVE-2020-08xx/CVE-2020-0836.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0836",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:13.947",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:45.067",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1228."
"value": "<p>A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive.</p>\n<p>To exploit the vulnerability, an authenticated attacker could send malicious DNS queries to a target, resulting in a denial of service.</p>\n<p>The update addresses the vulnerability by correcting how Windows DNS processes queries.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-08xx/CVE-2020-0837.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0837",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:14.010",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:45.240",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A spoofing vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'ADFS Spoofing Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. An attacker who successfully exploited this vulnerability could bypass some, but not all, of the authentication factors.</p>\n<p>To exploit this vulnerability, an attacker could send a specially crafted authentication request.</p>\n<p>This security update corrects how ADFS handles multi-factor authentication requests.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",

28
CVE-2020/CVE-2020-08xx/CVE-2020-0838.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0838",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:14.073",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:45.407",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when NTFS improperly checks access, aka 'NTFS Elevation of Privilege Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>\n<p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p>\n<p>The security update addresses the vulnerability by correcting how NTFS checks access.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-08xx/CVE-2020-0839.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0839",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:14.137",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:45.577",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka 'Windows dnsrslvr.dll Elevation of Privilege Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p>\n<p>To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.</p>\n<p>The security update addresses the vulnerability by ensuring the dnsrslvr.dll properly handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-08xx/CVE-2020-0856.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0856",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:14.200",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:45.757",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka 'Active Directory Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0664."
"value": "<p>An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system.</p>\n<p>To exploit this condition, an authenticated attacker would need to send a specially crafted request to the AD|DNS service. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system.</p>\n<p>The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-08xx/CVE-2020-0870.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0870",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:14.247",
"lastModified": "2020-09-17T17:18:41.283",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:45.970",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory, aka 'Shell infrastructure component Elevation of Privilege Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>\n<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>\n<p>The update addresses the vulnerability by correcting the way in which the Shell infrastructure component handles objects in memory and preventing unintended elevation from lower integrity application.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-08xx/CVE-2020-0875.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0875",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:14.307",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:46.170",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Information Disclosure Vulnerability'."
"value": "<p>An information disclosure vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system (low-integrity to medium-integrity).</p>\n<p>This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted.</p>\n<p>The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [

31
CVE-2020/CVE-2020-08xx/CVE-2020-0878.json
View File

@ -2,16 +2,16 @@
"id": "CVE-2020-0878",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:14.370",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:46.347",
"vulnStatus": "Modified",
"cisaExploitAdd": "2021-11-03",
"cisaActionDue": "2022-05-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft Browser Memory Corruption Vulnerability",
"cisaVulnerabilityName": "Microsoft Edge and Internet Explorer Memory Corruption Vulnerability",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'."
"value": "<p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>\n<p>An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.</p>\n<p>The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.</p>\n"
},
{
"lang": "es",
@ -21,8 +21,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
@ -397,7 +417,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",

28
CVE-2020/CVE-2020-08xx/CVE-2020-0886.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0886",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:14.433",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:46.517",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka 'Windows Storage Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1559."
"value": "<p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.</p>\n<p>To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.</p>\n<p>The security update addresses the vulnerability by ensuring the Windows Storage Services properly handle file operations.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-08xx/CVE-2020-0890.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0890",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:14.497",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:46.697",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0904."
"value": "<p>A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.</p>\n<p>To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.</p>\n<p>The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 2.0,
"impactScore": 4.0
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-09xx/CVE-2020-0904.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0904",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:14.543",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:46.877",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0890."
"value": "<p>A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.</p>\n<p>To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.</p>\n<p>The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 2.0,
"impactScore": 4.0
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-09xx/CVE-2020-0908.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0908",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:14.607",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:47.063",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory, aka 'Windows Text Service Module Remote Code Execution Vulnerability'."
"value": "<p>A remote code execution vulnerability exists when the Windows Text Service Module improperly handles memory. An attacker who successfully exploited the vulnerability could gain execution on a victim system.</p>\n<p>An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (Chromium-based), and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.</p>\n<p>The security update addresses the vulnerability by correcting how the Windows Text Service Module handles memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-09xx/CVE-2020-0911.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0911",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:14.667",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:47.243",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory, aka 'Windows Modules Installer Elevation of Privilege Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p>\n<p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p>\n<p>The update addresses the vulnerability by correcting the way the Windows Modules Installer handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-09xx/CVE-2020-0912.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0912",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:14.713",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:47.423",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.</p>\n<p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.</p>\n<p>The security update addresses the vulnerability by correcting how the Windows Function Discovery SSDP Provider handles memory.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-09xx/CVE-2020-0914.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0914",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:14.777",
"lastModified": "2020-09-15T17:28:40.650",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:47.610",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Information Disclosure Vulnerability'."
"value": "<p>An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.</p>\n<p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p>\n<p>The update addresses the vulnerability by correcting the way the Windows State Repository Service handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-09xx/CVE-2020-0921.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0921",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:14.840",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:47.810",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1083."
"value": "Microsoft Graphics Component Denial of Service Vulnerability"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-09xx/CVE-2020-0922.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0922",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:14.887",
"lastModified": "2020-09-28T12:58:11.253",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:48.027",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory, aka 'Microsoft COM for Windows Remote Code Execution Vulnerability'."
"value": "<p>A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.</p>\n<p>To exploit the vulnerability, a user would have to open a specially crafted file or lure the target to a website hosting malicious JavaScript.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft COM for Windows handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-09xx/CVE-2020-0928.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0928",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:14.933",
"lastModified": "2020-09-15T18:17:43.503",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:48.230",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1033, CVE-2020-1589, CVE-2020-1592, CVE-2020-16854."
"value": "<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.</p>\n<p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.</p>\n<p>The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-09xx/CVE-2020-0941.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0941",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:14.980",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:48.410",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1250."
"value": "<p>An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.</p>\n<p>To exploit the vulnerability, an attacker would have to either log on locally to an affected system, or convince a locally authenticated user to execute a specially crafted application.</p>\n<p>The security update addresses the vulnerability by correcting how win32k handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-09xx/CVE-2020-0951.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0951",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:15.043",
"lastModified": "2022-10-18T14:58:47.410",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:48.593",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'."
"value": "<p>A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC.</p>\n<p>To exploit the vulnerability, an attacker need administrator access on a local machine where PowerShell is running. The attacker could then connect to a PowerShell session and send commands to execute arbitrary code.</p>\n<p>The update addresses the vulnerability by correcting how PowerShell commands are validated when WDAC protection is enabled.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-09xx/CVE-2020-0989.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0989",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:15.090",
"lastModified": "2020-09-15T18:41:34.767",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:48.807",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability'."
"value": "<p>An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files.</p>\n<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and access files.</p>\n<p>The security update addresses the vulnerability by correcting the how Windows MDM Diagnostics handles files.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-09xx/CVE-2020-0997.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0997",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:15.153",
"lastModified": "2020-09-16T14:17:41.680",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:48.993",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka 'Windows Camera Codec Pack Remote Code Execution Vulnerability'."
"value": "<p>A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>\n<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of the Windows Camera Codec Pack. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>\n<p>The security update addresses the vulnerability by correcting how the Windows Camera Codec Pack handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-09xx/CVE-2020-0998.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-0998",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:15.213",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:49.180",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>\n<p>In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system.</p>\n<p>The update addresses the vulnerability by correcting the way in which the Microsoft Graphics Component handles objects in memory and preventing unintended elevation from user mode.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-10xx/CVE-2020-1012.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1012",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:17.807",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:53.373",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory, aka 'WinINet API Elevation of Privilege Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p>\n<p>There are multiple ways an attacker could exploit the vulnerability:</p>\n<ul>\n<li><p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.</p>\n</li>\n<li><p>In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file.</p>\n</li>\n</ul>\n<p>The security update addresses the vulnerability by ensuring the Wininit.dll properly handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-10xx/CVE-2020-1013.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1013",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:17.857",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:53.567",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates, aka 'Group Policy Elevation of Privilege Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine.</p>\n<p>To exploit this vulnerability, an attacker would need to launch a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine. An attacker could then create a group policy to grant administrator rights to a standard user.</p>\n<p>The security update addresses the vulnerability by enforcing Kerberos authentication for certain calls over LDAP.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-10xx/CVE-2020-1030.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1030",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:17.950",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:53.750",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>\n<p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.</p>\n<p>The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-10xx/CVE-2020-1031.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1031",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:17.997",
"lastModified": "2020-09-16T17:00:13.883",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:53.947",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory.To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to an affected DHCP server, aka 'Windows DHCP Server Information Disclosure Vulnerability'."
"value": "<p>An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory.</p>\n<p>To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to an affected DHCP server. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.</p>\n<p>The security update addresses the vulnerability by correcting how DHCP servers initializes memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-10xx/CVE-2020-1033.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1033",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:18.057",
"lastModified": "2020-09-15T18:58:56.353",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:54.143",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1589, CVE-2020-1592, CVE-2020-16854."
"value": "<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.</p>\n<p>An authenticated attacker could exploit this vulnerability by running a specially crafted application.</p>\n<p>The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",

28
CVE-2020/CVE-2020-10xx/CVE-2020-1034.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1034",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:18.107",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:54.330",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p>\n<p>To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.</p>\n<p>The security update addresses the vulnerability by ensuring the Windows Kernel properly handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 4.2
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-10xx/CVE-2020-1038.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1038",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:18.153",
"lastModified": "2020-09-15T19:26:38.257",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:54.507",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory, aka 'Windows Routing Utilities Denial of Service'."
"value": "<p>A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.</p>\n<p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding.</p>\n<p>The update addresses the vulnerability by correcting how Windows handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-10xx/CVE-2020-1039.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1039",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:18.200",
"lastModified": "2020-09-15T19:43:45.490",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:54.687",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1074."
"value": "<p>A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.</p>\n<p>An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.</p>\n<p>The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-10xx/CVE-2020-1044.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1044",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:18.260",
"lastModified": "2020-09-16T14:14:47.360",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:54.873",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A security feature bypass vulnerability exists in SQL Server Reporting Services (SSRS) when the server improperly validates attachments uploaded to reports, aka 'SQL Server Reporting Services Security Feature Bypass Vulnerability'."
"value": "<p>A security feature bypass vulnerability exists in SQL Server Reporting Services (SSRS) when the server improperly validates attachments uploaded to reports. An attacker who successfully exploited this vulnerability could upload file types that were disallowed by an administrator.</p>\n<p>To exploit the vulnerability, an authenticated attacker would need to send a specially crafted request to an affected SSRS server.</p>\n<p>The update addresses the vulnerability by modifying how SSRS validates attachment uploads.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",

26
CVE-2020/CVE-2020-10xx/CVE-2020-1045.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1045",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:18.307",
"lastModified": "2023-11-07T03:19:19.567",
"lastModified": "2023-12-31T22:15:55.070",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names., aka 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'."
"value": "<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p>\n<p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p>\n<p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-10xx/CVE-2020-1052.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1052",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:18.357",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:55.280",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1159, CVE-2020-1376."
"value": "<p>An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p>\n<p>To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.</p>\n<p>The security update addresses the vulnerability by ensuring the ssdpsrv.dll properly handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-10xx/CVE-2020-1053.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1053",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:18.417",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:55.490",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1308."
"value": "<p>An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>\n<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>\n<p>The update addresses the vulnerability by correcting how DirectX handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

29
CVE-2020/CVE-2020-10xx/CVE-2020-1057.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1057",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:18.463",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:55.673",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1172, CVE-2020-1180."
"value": "<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.</p>\n<p>If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>\n<p>The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
@ -134,7 +154,6 @@
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",

28
CVE-2020/CVE-2020-10xx/CVE-2020-1074.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1074",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:18.557",
"lastModified": "2020-09-16T13:21:28.447",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:55.900",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1039."
"value": "<p>A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.</p>\n<p>An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.</p>\n<p>The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-10xx/CVE-2020-1083.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1083",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:18.620",
"lastModified": "2020-09-16T12:57:57.590",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:56.083",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0921."
"value": "<p>An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.</p>\n<p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p>\n<p>The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-10xx/CVE-2020-1091.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1091",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:18.667",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:56.293",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1097."
"value": "<p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user\u2019s system.</p>\n<p>There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.</p>\n<p>The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-10xx/CVE-2020-1097.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1097",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:18.713",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:56.483",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1091."
"value": "<p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user\u2019s system.</p>\n<p>There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.</p>\n<p>The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-10xx/CVE-2020-1098.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1098",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:18.777",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:56.687",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory, aka 'Windows Shell Infrastructure Component Elevation of Privilege Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>\n<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>\n<p>The update addresses the vulnerability by correcting the way in which the Shell infrastructure component handles objects in memory and preventing unintended elevation from lower integrity application.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-11xx/CVE-2020-1115.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1115",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:18.823",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:56.883",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists when the <a href=\"https://technet.microsoft.com/library/security/dn848375.aspx#CLFS\">Windows Common Log File System (CLFS)</a> driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>\n<p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p>\n<p>The security update addresses the vulnerability by correcting how CLFS handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-11xx/CVE-2020-1119.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1119",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:18.870",
"lastModified": "2020-09-15T20:11:59.637",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:57.060",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when StartTileData.dll improperly handles objects in memory, aka 'Windows Information Disclosure Vulnerability'."
"value": "<p>An information disclosure vulnerability exists when StartTileData.dll improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.</p>\n<p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p>\n<p>The update addresses the vulnerability by correcting the way in which StartTileData.dll handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-11xx/CVE-2020-1122.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1122",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:18.917",
"lastModified": "2020-09-15T20:25:52.310",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:57.240",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka 'Windows Language Pack Installer Elevation of Privilege Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>\n<p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p>\n<p>The update addresses the vulnerability by correcting the way the Windows Language Pack Installer handles file operations.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-11xx/CVE-2020-1129.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1129",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:18.980",
"lastModified": "2020-09-15T20:23:13.697",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:57.410",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1319."
"value": "<p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>\n<p>Exploitation of the vulnerability requires that a program process a specially crafted image file.</p>\n<p>The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-11xx/CVE-2020-1130.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1130",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:19.043",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:57.610",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1133."
"value": "<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>\n<p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p>\n<p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles data operations.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.7
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-11xx/CVE-2020-1133.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1133",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:19.090",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:57.803",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1130."
"value": "<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>\n<p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p>\n<p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles file operations.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-11xx/CVE-2020-1146.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1146",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:19.137",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:57.990",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0766."
"value": "<p>An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.</p>\n<p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.</p>\n<p>The security update addresses the vulnerability by correcting how the Microsoft Store Runtime handles memory.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.7
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-11xx/CVE-2020-1152.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1152",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:19.200",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:58.210",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka 'Windows Win32k Elevation of Privilege Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.</p>\n<p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.</p>\n<p>The update addresses the vulnerability by correcting how Windows handles calls to Win32k.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 4.7
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-11xx/CVE-2020-1159.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1159",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:19.247",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:58.403",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1052, CVE-2020-1376."
"value": "<p>An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p>\n<p>To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.</p>\n<p>The security update addresses the vulnerability by ensuring the StartTileData.dll properly handles this type of function.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.7
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-11xx/CVE-2020-1169.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1169",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:19.307",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:58.583",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1303."
"value": "<p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p>\n<p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p>\n<p>The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

29
CVE-2020/CVE-2020-11xx/CVE-2020-1172.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1172",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:19.357",
"lastModified": "2020-09-17T16:20:09.050",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:58.763",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1057, CVE-2020-1180."
"value": "<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.</p>\n<p>If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>\n<p>The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
@ -77,7 +97,6 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",

29
CVE-2020/CVE-2020-11xx/CVE-2020-1180.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1180",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:19.403",
"lastModified": "2020-09-17T16:20:38.160",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:58.950",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1057, CVE-2020-1172."
"value": "<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.</p>\n<p>If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>\n<p>The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
@ -77,7 +97,6 @@
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",

28
CVE-2020/CVE-2020-11xx/CVE-2020-1193.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1193",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:19.463",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:59.130",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1332, CVE-2020-1335, CVE-2020-1594."
"value": "<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>\n<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-11xx/CVE-2020-1198.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1198",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:19.510",
"lastModified": "2020-09-13T00:40:33.943",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:59.300",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575."
"value": "<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",

28
CVE-2020/CVE-2020-12xx/CVE-2020-1200.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1200",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:19.573",
"lastModified": "2020-09-13T01:44:15.577",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:59.480",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595."
"value": "<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>\n<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>\n<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-12xx/CVE-2020-1205.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1205",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:19.620",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:59.670",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'."
"value": "<p>A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-12xx/CVE-2020-1210.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1210",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:19.667",
"lastModified": "2020-09-13T01:39:42.237",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:15:59.840",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595."
"value": "<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>\n<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>\n<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-12xx/CVE-2020-1218.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1218",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:19.713",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:00.030",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1338."
"value": "<p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.</p>\n<p>To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft Word handles files in memory.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-12xx/CVE-2020-1224.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1224",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:19.760",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:00.213",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'."
"value": "<p>An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user\u2019s computer or data.</p>\n<p>To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.</p>\n<p>The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-12xx/CVE-2020-1227.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1227",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:19.823",
"lastModified": "2020-09-13T00:39:52.347",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:00.387",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575."
"value": "<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",

28
CVE-2020/CVE-2020-12xx/CVE-2020-1228.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1228",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:19.887",
"lastModified": "2020-09-17T16:29:01.943",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:00.563",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0836."
"value": "<p>A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive.</p>\n<p>To exploit the vulnerability, an authenticated attacker could send malicious DNS queries to a target, resulting in a denial of service.</p>\n<p>The update addresses the vulnerability by correcting how Windows DNS processes queries.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",

28
CVE-2020/CVE-2020-12xx/CVE-2020-1245.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1245",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:19.933",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:00.747",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>\n<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>\n<p>The update addresses this vulnerability by correcting how Win32k handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-12xx/CVE-2020-1250.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1250",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:19.997",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:00.960",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0941."
"value": "<p>An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.</p>\n<p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p>\n<p>The security update addresses the vulnerability by correcting how win32k handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-12xx/CVE-2020-1252.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1252",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:20.043",
"lastModified": "2020-09-17T16:49:09.910",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:01.147",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'."
"value": "<p>A remote code execution vulnerability exists when Windows improperly handles objects in memory. To exploit the vulnerability an attacker would have to convince a user to run a specially crafted application.</p>\n<p>An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>\n<p>The updates address the vulnerability by correcting how Windows handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-12xx/CVE-2020-1256.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1256",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:20.090",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:01.350",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'."
"value": "<p>An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.</p>\n<p>There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.</p>\n<p>The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",

28
CVE-2020/CVE-2020-12xx/CVE-2020-1285.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1285",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:20.153",
"lastModified": "2020-09-17T17:02:25.523",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:01.557",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'."
"value": "<p>A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>\n<p>There are multiple ways an attacker could exploit the vulnerability:</p>\n<ul>\n<li>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to open an email attachment or click a link in an email or instant message.</li>\n<li>In a file-sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit the vulnerability, and then convince users to open the document file.</li>\n</ul>\n<p>The security update addresses the vulnerability by correcting the way that the Windows GDI handles objects in the memory.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-13xx/CVE-2020-1303.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1303",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:20.213",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:01.750",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1169."
"value": "<p>An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.</p>\n<p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p>\n<p>The update addresses the vulnerability by correcting the way the Windows Runtime handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-13xx/CVE-2020-1308.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1308",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:20.277",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:01.933",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1053."
"value": "<p>An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>\n<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>\n<p>The update addresses the vulnerability by correcting how DirectX handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-13xx/CVE-2020-1319.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1319",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:20.340",
"lastModified": "2022-12-06T21:31:03.603",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:02.123",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1129."
"value": "<p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>\n<p>Exploitation of the vulnerability requires that a program process a specially crafted image file.</p>\n<p>The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-13xx/CVE-2020-1332.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1332",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:20.387",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:02.313",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1193, CVE-2020-1335, CVE-2020-1594."
"value": "<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>\n<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-13xx/CVE-2020-1335.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1335",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:20.450",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:02.493",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1193, CVE-2020-1332, CVE-2020-1594."
"value": "<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>\n<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-13xx/CVE-2020-1338.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1338",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:20.510",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:02.670",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1218."
"value": "<p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.</p>\n<p>To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft Word handles files in memory.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-13xx/CVE-2020-1345.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1345",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:20.573",
"lastModified": "2020-09-13T00:44:02.670",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:02.857",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575."
"value": "<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",

28
CVE-2020/CVE-2020-13xx/CVE-2020-1376.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1376",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:20.637",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:03.030",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1052, CVE-2020-1159."
"value": "<p>An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p>\n<p>To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.</p>\n<p>The security update addresses the vulnerability by ensuring the ssdpsrv.dll properly handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-14xx/CVE-2020-1440.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1440",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:20.683",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:03.210",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka 'Microsoft SharePoint Server Tampering Vulnerability'. This CVE ID is unique from CVE-2020-1523."
"value": "<p>A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data.</p>\n<p>To exploit the vulnerability, an attacker would need to be authenticated on an affected SharePoint Server. The attacker would then need to send a specially modified request to the server, targeting a specific user.</p>\n<p>The security update addresses the vulnerability by modifying how Microsoft SharePoint Server handles profile data.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",

28
CVE-2020/CVE-2020-14xx/CVE-2020-1452.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1452",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:20.747",
"lastModified": "2020-09-13T01:35:55.057",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:03.397",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595."
"value": "<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>\n<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>\n<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-14xx/CVE-2020-1453.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1453",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:20.793",
"lastModified": "2020-09-13T01:29:43.937",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:03.597",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1576, CVE-2020-1595."
"value": "<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>\n<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>\n<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-14xx/CVE-2020-1460.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1460",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:20.840",
"lastModified": "2020-09-17T15:16:56.630",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:03.760",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'."
"value": "<p>A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security context of the SharePoint application pool process.</p>\n<p>To exploit the vulnerability, an authenticated user must create and invoke a specially crafted page on an affected version of Microsoft SharePoint Server.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles processing of created content.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-14xx/CVE-2020-1471.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1471",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:20.917",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:03.927",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects, aka 'Windows CloudExperienceHost Elevation of Privilege Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.</p>\n<p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.</p>\n<p>The security update addresses the vulnerability by checking COM objects.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 4.7
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-14xx/CVE-2020-1482.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1482",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:20.980",
"lastModified": "2020-09-13T00:48:45.817",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:04.100",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1345, CVE-2020-1514, CVE-2020-1575."
"value": "<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",

28
CVE-2020/CVE-2020-14xx/CVE-2020-1491.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1491",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:21.027",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:04.273",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p>\n<p>To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.</p>\n<p>The security update addresses the vulnerability by ensuring the Windows Function Discovery Service properly handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-15xx/CVE-2020-1506.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1506",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:21.073",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:04.467",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory, aka 'Windows Start-Up Application Elevation of Privilege Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p>\n<p>There are multiple ways an attacker could exploit the vulnerability:</p>\n<ul>\n<li><p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.</p>\n</li>\n<li><p>In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file.</p>\n</li>\n</ul>\n<p>The security update addresses the vulnerability by ensuring the Wininit.dll properly handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-15xx/CVE-2020-1507.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1507",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:21.137",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:04.647",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory, aka 'Microsoft COM for Windows Elevation of Privilege Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.</p>\n<p>To exploit the vulnerability, a user would have to open a specially crafted file.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft COM for Windows handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.9,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 4.7
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-15xx/CVE-2020-1508.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1508",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:21.183",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:04.833",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects, aka 'Windows Media Audio Decoder Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1593."
"value": "<p>A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system.</p>\n<p>There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.</p>\n<p>The security update addresses the vulnerability by correcting how Windows Media Audio Decoder handles objects.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-15xx/CVE-2020-1514.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1514",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:21.247",
"lastModified": "2020-09-13T00:46:00.737",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:05.027",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1575."
"value": "<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",

28
CVE-2020/CVE-2020-15xx/CVE-2020-1523.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1523",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:21.293",
"lastModified": "2020-09-17T18:23:22.327",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:05.223",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka 'Microsoft SharePoint Server Tampering Vulnerability'. This CVE ID is unique from CVE-2020-1440."
"value": "<p>A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data.</p>\n<p>To exploit the vulnerability, an attacker would need to be authenticated on an affected SharePoint Server. The attacker would then need to send a specially modified request to the server, targeting a specific user.</p>\n<p>The security update addresses the vulnerability by modifying how Microsoft SharePoint Server handles profile data.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",

28
CVE-2020/CVE-2020-15xx/CVE-2020-1532.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1532",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:21.357",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:05.403",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows InstallService Elevation of Privilege Vulnerability'."
"value": "<p>An elevation of privilege vulnerability exists when the Windows InstallService improperly handles memory.</p>\n<p>To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.</p>\n<p>The security update addresses the vulnerability by correcting how the Windows InstallService handles memory.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-15xx/CVE-2020-1559.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1559",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:21.403",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:05.583",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka 'Windows Storage Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0886."
"value": "<p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.</p>\n<p>To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.</p>\n<p>The security update addresses the vulnerability by ensuring the Windows Storage Services properly handle file operations.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-15xx/CVE-2020-1575.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1575",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:21.463",
"lastModified": "2020-09-13T00:52:21.553",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:05.780",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1198, CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514."
"value": "<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n"
},
{
"lang": "es",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV2": [

28
CVE-2020/CVE-2020-15xx/CVE-2020-1576.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1576",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:21.527",
"lastModified": "2020-09-13T01:43:09.213",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:05.983",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1595."
"value": "<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>\n<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>\n<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",

28
CVE-2020/CVE-2020-15xx/CVE-2020-1589.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2020-1589",
"sourceIdentifier": "secure@microsoft.com",
"published": "2020-09-11T17:15:21.590",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-31T22:16:06.150",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1592, CVE-2020-16854."
"value": "<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.</p>\n<p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.</p>\n<p>The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.</p>\n"
},
{
"lang": "es",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",

Some files were not shown because too many files have changed in this diff Show More