Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2020-05-21 CVE-2020-1058 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11/9
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.
network
high complexity
microsoft CWE-119
7.6
2020-05-21 CVE-2020-1054 Out-of-bounds Write vulnerability in Microsoft products
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
local
low complexity
microsoft CWE-787
7.2
2020-05-21 CVE-2020-1048 Incorrect Resource Transfer Between Spheres vulnerability in Microsoft products
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'.
local
low complexity
microsoft CWE-669
7.2
2020-05-21 CVE-2020-1037 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.
network
high complexity
microsoft CWE-119
7.6
2020-05-21 CVE-2020-1035 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11/9
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.
network
high complexity
microsoft CWE-119
7.6
2020-05-21 CVE-2020-1010 Improper Privilege Management vulnerability in Microsoft products
An elevation of privilege vulnerability exists in Windows Block Level Backup Engine Service (wbengine) that allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'.
local
low complexity
microsoft CWE-269
7.2
2020-05-21 CVE-2020-0901 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft 365 Apps and Office
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
network
low complexity
microsoft CWE-119
7.5
2020-05-21 CVE-2019-20804 Cross-Site Request Forgery (CSRF) vulnerability in Gilacms Gila CMS
Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.
network
low complexity
gilacms CWE-352
8.8
2020-05-21 CVE-2020-10738 Improper Input Validation vulnerability in Moodle
A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions.
network
low complexity
moodle CWE-20
8.8
2020-05-21 CVE-2020-5752 Path Traversal vulnerability in Druva Insync Client 6.6.3
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
local
low complexity
druva CWE-22
7.8