Vulnerabilities > Microsoft > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-11 | CVE-2020-1210 | Download of Code Without Integrity Check vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. | 9.9 |
| 2020-08-17 | CVE-2020-1467 | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows improperly handles hard links. | 10.0 |
| 2020-07-14 | CVE-2020-1481 | Injection vulnerability in Microsoft Visual Studio Code Eslint Extension A remote code execution vulnerability exists in the ESLint extension for Visual Studio Code when it validates source code after opening a project, aka 'Visual Studio Code ESLint Extention Remote Code Execution Vulnerability'. | 9.3 |
| 2020-07-14 | CVE-2020-1458 | Untrusted Search Path vulnerability in Microsoft 365 Apps A remote code execution vulnerability exists when Microsoft Office improperly validates input before loading dynamic link library (DLL) files, aka 'Microsoft Office Remote Code Execution Vulnerability'. | 9.3 |
| 2020-07-14 | CVE-2020-1449 | Origin Validation Error vulnerability in Microsoft 365 Apps, Office and Project 2016 A remote code execution vulnerability exists in Microsoft Project software when the software fails to check the source markup of a file, aka 'Microsoft Project Remote Code Execution Vulnerability'. | 9.3 |
| 2020-07-14 | CVE-2020-1435 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. | 9.3 |
| 2020-07-14 | CVE-2020-1421 | Type Confusion vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | 9.3 |
| 2020-07-14 | CVE-2020-1412 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. | 9.3 |
| 2020-07-14 | CVE-2020-1410 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files.To exploit the vulnerability, an attacker could send a malicious vcard that a victim opens using Windows Address Book (WAB), aka 'Windows Address Book Remote Code Execution Vulnerability'. | 9.3 |
| 2020-07-14 | CVE-2020-1409 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. | 9.3 |