Filtered by vendor Microsoft Subscriptions
Filtered by product Windows 7 Subscriptions
Total 3090 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-1640 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 7.8 High
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2020-7808 2 Microsoft, Raonwiz 4 Windows 10, Windows 7, Windows 8 and 1 more 2024-11-21 8.7 High
In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check on update module(web.js) allows an attacker to modify arguments which causes downloading a random DLL and injection on it.
CVE-2020-7804 2 Handysoft, Microsoft 4 Groupware, Windows 10, Windows 7 and 1 more 2024-11-21 6.4 Medium
ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method.
CVE-2020-7485 2 Microsoft, Schneider-electric 4 Windows 7, Windows Nt, Windows Xp and 1 more 2024-11-21 9.8 Critical
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in TriStation version v4.9.1 and v4.10.1 released on May 30, 2013.1
CVE-2020-7484 2 Microsoft, Schneider-electric 4 Windows 7, Windows Nt, Windows Xp and 1 more 2024-11-21 7.5 High
**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. This feature is not present in version v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.
CVE-2020-7483 2 Microsoft, Schneider-electric 4 Windows 7, Windows Nt, Windows Xp and 1 more 2024-11-21 7.5 High
**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The 'password' feature is an additional optional check performed by TS1131 that it is connected to a specific controller. This data is sent as clear text and is visible on the network. This feature is not present in TriStation 1131 versions v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.
CVE-2020-24588 9 Arista, Cisco, Debian and 6 more 351 C-100, C-100 Firmware, C-110 and 348 more 2024-11-21 3.5 Low
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.
CVE-2020-1599 1 Microsoft 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more 2024-11-21 5.5 Medium
Windows Spoofing Vulnerability
CVE-2020-1598 1 Microsoft 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more 2024-11-21 6.1 Medium
<p>An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.</p> <p>The update addresses the vulnerability by correcting how the Windows UPnP service handles objects in memory.</p>
CVE-2020-1596 1 Microsoft 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more 2024-11-21 5.4 Medium
<p>A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel.</p> <p>To exploit the vulnerability, an attacker would have to conduct a man-in-the-middle attack.</p> <p>The update addresses the vulnerability by correcting how TLS components use hash algorithms.</p>
CVE-2020-1593 1 Microsoft 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more 2024-11-21 7.6 High
<p>A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system.</p> <p>There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.</p> <p>The security update addresses the vulnerability by correcting how Windows Media Audio Decoder handles objects.</p>
CVE-2020-1589 1 Microsoft 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more 2024-11-21 4.4 Medium
<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.</p> <p>The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.</p>
CVE-2020-1587 1 Microsoft 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more 2024-11-21 7.8 High
An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Ancillary Function Driver for WinSock handles memory.
CVE-2020-1584 1 Microsoft 18 Windows 10, Windows 10 1507, Windows 10 1607 and 15 more 2024-11-21 7.8 High
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the dnsrslvr.dll properly handles objects in memory.
CVE-2020-1579 1 Microsoft 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more 2024-11-21 7.8 High
An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how the Windows Function Discovery SSDP Provider handles memory.
CVE-2020-1577 1 Microsoft 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more 2024-11-21 7.8 High
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
CVE-2020-1570 1 Microsoft 9 Internet Explorer, Windows 10, Windows 7 and 6 more 2024-11-21 7.5 High
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked &quot;safe for initialization&quot; in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
CVE-2020-1567 1 Microsoft 9 Internet Explorer, Windows 10, Windows 7 and 6 more 2024-11-21 4.2 Medium
A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability. The security update addresses the vulnerability by modifying how MSHTML engine validates input.
CVE-2020-1565 1 Microsoft 16 Windows 10, Windows 10 1507, Windows 10 1607 and 13 more 2024-11-21 7.5 High
An elevation of privilege vulnerability exists when the &quot;Public Account Pictures&quot; folder improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how Windows handles junctions.
CVE-2020-1564 1 Microsoft 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more 2024-11-21 7.8 High
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.