The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2020-1456 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \'Microsoft Office SharePoint XSS Vulnerability\'. This CVE ID is unique from CVE-2020-1450, CVE-2020-1451. | LOW | Jul 15, 2020 |
| CVE-2020-1455 | A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files. An attacker could exploit the vulnerability to trigger a denial of service. To exploit the vulnerability, an attacker would first require execution on the victim system. The security update addresses the vulnerability by ensuring Microsoft SQL Server Management Studio properly handles files. | LOW | Aug 21, 2020 |
| CVE-2020-1454 | This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka \'Microsoft SharePoint Reflective XSS Vulnerability\'. | LOW | Jul 15, 2020 |
| CVE-2020-1453 | <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p> | HIGH | Sep 13, 2020 |
| CVE-2020-1452 | <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p> | HIGH | Sep 13, 2020 |
| CVE-2020-1451 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \'Microsoft Office SharePoint XSS Vulnerability\'. This CVE ID is unique from CVE-2020-1450, CVE-2020-1456. | LOW | Jul 15, 2020 |
| CVE-2020-1450 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \'Microsoft Office SharePoint XSS Vulnerability\'. This CVE ID is unique from CVE-2020-1451, CVE-2020-1456. | LOW | Jul 15, 2020 |
| CVE-2020-1449 | A remote code execution vulnerability exists in Microsoft Project software when the software fails to check the source markup of a file, aka \'Microsoft Project Remote Code Execution Vulnerability\'. | HIGH | Jul 15, 2020 |
| CVE-2020-1448 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \'Microsoft Word Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1447. | MEDIUM | Jul 15, 2020 |
| CVE-2020-1447 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \'Microsoft Word Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1448. | MEDIUM | Jul 15, 2020 |
| CVE-2020-1446 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \'Microsoft Word Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2020-1447, CVE-2020-1448. | MEDIUM | Jul 15, 2020 |
| CVE-2020-1445 | An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka \'Microsoft Office Information Disclosure Vulnerability\'. This CVE ID is unique from CVE-2020-1342. | MEDIUM | Jul 15, 2020 |
| CVE-2020-1444 | A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka \'Microsoft SharePoint Remote Code Execution Vulnerability\'. | MEDIUM | Jul 15, 2020 |
| CVE-2020-1443 | A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \'Microsoft SharePoint Spoofing Vulnerability\'. | LOW | Jul 15, 2020 |
| CVE-2020-1442 | A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka \'Office Web Apps XSS Vulnerability\'. | MEDIUM | Jul 15, 2020 |
| CVE-2020-1440 | <p>A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user\'s profile data.</p> <p>To exploit the vulnerability, an attacker would need to be authenticated on an affected SharePoint Server. The attacker would then need to send a specially modified request to the server, targeting a specific user.</p> <p>The security update addresses the vulnerability by modifying how Microsoft SharePoint Server handles profile data.</p> | MEDIUM | Sep 11, 2020 |
| CVE-2020-1439 | A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka \'PerformancePoint Services Remote Code Execution Vulnerability\'. | MEDIUM | Jul 16, 2020 |
| CVE-2020-1438 | An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka \'Windows Network Connections Service Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428. | MEDIUM | Jul 16, 2020 |
| CVE-2020-1437 | An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory, aka \'Windows Network Location Awareness Service Elevation of Privilege Vulnerability\'. | MEDIUM | Jul 15, 2020 |
| CVE-2020-1436 | A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka \'Windows Font Library Remote Code Execution Vulnerability\'. | MEDIUM | Jul 15, 2020 |
| CVE-2020-1435 | A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka \'GDI+ Remote Code Execution Vulnerability\'. | HIGH | Jul 15, 2020 |
| CVE-2020-1434 | An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory, aka \'Windows Sync Host Service Elevation of Privilege Vulnerability\'. | MEDIUM | Jul 15, 2020 |
| CVE-2020-1433 | An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka \'Microsoft Edge PDF Information Disclosure Vulnerability\'. | MEDIUM | Jul 15, 2020 |
| CVE-2020-1432 | An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer, aka \'Skype for Business via Internet Explorer Information Disclosure Vulnerability\'. | MEDIUM | Jul 15, 2020 |
| CVE-2020-1431 | An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka \'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability\'. | MEDIUM | Jul 15, 2020 |
| CVE-2020-1430 | An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \'Windows UPnP Device Host Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2020-1354. | MEDIUM | Jul 15, 2020 |
| CVE-2020-1429 | An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka \'Windows Error Reporting Manager Elevation of Privilege Vulnerability\'. | HIGH | Jul 15, 2020 |
| CVE-2020-1428 | An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka \'Windows Network Connections Service Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1438. | MEDIUM | Jul 16, 2020 |
| CVE-2020-1427 | An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka \'Windows Network Connections Service Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2020-1373, CVE-2020-1390, CVE-2020-1428, CVE-2020-1438. | MEDIUM | Jul 16, 2020 |
| CVE-2020-1426 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \'Windows Kernel Information Disclosure Vulnerability\'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1389, CVE-2020-1419. | LOW | Jul 15, 2020 |
| CVE-2020-1425 | A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka \'Microsoft Windows Codecs Library Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2020-1457. | MEDIUM | Jul 27, 2020 |
| CVE-2020-1424 | An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka \'Windows Update Stack Elevation of Privilege Vulnerability\'. | HIGH | Jul 15, 2020 |
| CVE-2020-1423 | An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files, aka \'Windows Subsystem for Linux Elevation of Privilege Vulnerability\'. | MEDIUM | Jul 15, 2020 |
| CVE-2020-1422 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka \'Windows Runtime Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415. | MEDIUM | Jul 17, 2020 |
| CVE-2020-1421 | A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka \'LNK Remote Code Execution Vulnerability\'. | HIGH | Jul 15, 2020 |
| CVE-2020-1420 | An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \'Windows Error Reporting Information Disclosure Vulnerability\'. | LOW | Jul 15, 2020 |
| CVE-2020-1419 | An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka \'Windows Kernel Information Disclosure Vulnerability\'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1389, CVE-2020-1426. | LOW | Jul 15, 2020 |
| CVE-2020-1418 | An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka \'Windows Diagnostics Hub Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2020-1393. | HIGH | Jul 15, 2020 |
| CVE-2020-1417 | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. | HIGH | Aug 21, 2020 |
| CVE-2020-1416 | An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka \'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability\'. | HIGH | Jul 15, 2020 |
| CVE-2020-1415 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka \'Windows Runtime Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1422. | MEDIUM | Jul 17, 2020 |
| CVE-2020-1414 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka \'Windows Runtime Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1415, CVE-2020-1422. | MEDIUM | Jul 16, 2020 |
| CVE-2020-1413 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka \'Windows Runtime Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422. | MEDIUM | Jul 16, 2020 |
| CVE-2020-1412 | A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \'Microsoft Graphics Components Remote Code Execution Vulnerability\'. | HIGH | Jul 15, 2020 |
| CVE-2020-1411 | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka \'Windows Kernel Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2020-1336. | HIGH | Jul 15, 2020 |
| CVE-2020-1410 | A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files.To exploit the vulnerability, an attacker could send a malicious vcard that a victim opens using Windows Address Book (WAB), aka \'Windows Address Book Remote Code Execution Vulnerability\'. | HIGH | Jul 15, 2020 |
| CVE-2020-1409 | A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka \'DirectWrite Remote Code Execution Vulnerability\'. | HIGH | Jul 15, 2020 |
| CVE-2020-1408 | A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka \'Microsoft Graphics Remote Code Execution Vulnerability\'. | HIGH | Jul 15, 2020 |
| CVE-2020-1407 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka \'Jet Database Engine Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2020-1400, CVE-2020-1401. | HIGH | Jul 15, 2020 |
| CVE-2020-1406 | An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka \'Windows Network List Service Elevation of Privilege Vulnerability\'. | HIGH | Jul 15, 2020 |
