National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:microsoft:windows
There are 4,321 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-8146

In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the windows registry when installing UniFi-Video controller. Affected Products: UniFi Video Controller v3.10.2 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.10.3 and newer.

Published: April 01, 2020; 07:15:13 PM -04:00
V3.1: 7.8 HIGH
    V2: 6.9 MEDIUM
CVE-2020-8145

The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP or CUSTOM_GROUP groups, can access these endpoints and overwrite the current application configuration. This can be abused for various purposes, including adding new administrative users. Affected Products: UniFi Video Controller v3.9.3 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.9.6 and newer.

Published: April 01, 2020; 07:15:13 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2020-8144

The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware update information. If the version field contains ..\ character sequences, the destination file path to save the firmware can be manipulated to be outside the intended destination directory tree. Fixed in UniFi Video Controller v3.10.3 and newer.

Published: April 01, 2020; 07:15:13 PM -04:00
V3.1: 8.4 HIGH
    V2: 5.2 MEDIUM
CVE-2020-10868

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to launch the Repair App RPC call from a Low Integrity process.

Published: April 01, 2020; 02:15:15 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-10867

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to bypass intended access restrictions on tasks from an untrusted process, when Self Defense is enabled.

Published: April 01, 2020; 02:15:15 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-10866

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to enumerate the network interfaces and access points from a Low Integrity process via RPC.

Published: April 01, 2020; 02:15:14 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-10865

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the Components section of the Stats.ini file via RPC from a Low Integrity process.

Published: April 01, 2020; 02:15:14 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-10864

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a reboot via RPC from a Low Integrity process.

Published: April 01, 2020; 01:15:16 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 5.0 MEDIUM
CVE-2020-10863

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a shutdown via RPC from a Low Integrity process via TempShutDownMachine.

Published: April 01, 2020; 01:15:15 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-10862

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Local Privilege Escalation (LPE) via RPC.

Published: April 01, 2020; 01:15:15 PM -04:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2020-10861

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Arbitrary File Deletion from Avast Program Path via RPC, when Self Defense is Enabled.

Published: April 01, 2020; 01:15:15 PM -04:00
V3.1: 7.5 HIGH
    V2: 6.4 MEDIUM
CVE-2020-10860

An issue was discovered in Avast Antivirus before 20. An Arbitrary Memory Address Overwrite vulnerability in the aswAvLog Log Library results in Denial of Service of the Avast Service (AvastSvc.exe).

Published: April 01, 2020; 01:15:15 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-10964

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.

Published: March 25, 2020; 06:15:12 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-3791

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Published: March 25, 2020; 05:15:14 PM -04:00
V3.1: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-3790

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Published: March 25, 2020; 05:15:13 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2020-3789

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Published: March 25, 2020; 05:15:13 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-3788

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Published: March 25, 2020; 05:15:13 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-3787

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Published: March 25, 2020; 05:15:13 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-3786

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Published: March 25, 2020; 05:15:13 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-3785

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Published: March 25, 2020; 05:15:13 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH