Skip to main content
CVE-2020-0711 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Edge Chakracore
NVD
CVSS 3.1
7.5
EPSS
10.1%
CVE-2020-0710 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Edge Chakracore
NVD
CVSS 3.1
7.5
EPSS
10.1%
CVE-2020-0681 HIGH PATCH This Week

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.5
EPSS
10.2%
CVE-2020-0673 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Internet Explorer
NVD
CVSS 3.1
7.5
EPSS
9.9%
CVE-2020-0660 HIGH PATCH This Week

A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2020-1942 HIGH PATCH This Week

In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Nifi
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-8596 HIGH This Week

participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

WordPress SQLi PHP Participants Database
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-7217 HIGH This Week

An ni_dhcp4_fsm_process_dhcp4_packet memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets with a different client-id. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wicked
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-3935 HIGH This Week

TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users’ information by cleartext in the cookie, which divulges password to attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dr Id Access Control Dr Id Attendance System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-0730 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.1
EPSS
0.9%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy