Skip to main content
CVE-2020-0688 HIGH POC KEV PATCH THREAT Act Now

Microsoft Exchange Server contains a remote code execution vulnerability caused by static cryptographic keys used in the Exchange Control Panel, allowing authenticated attackers to execute code as SYSTEM.

NVD Exploit-DB
CVSS 3.1
8.8
EPSS
94.4%
Threat
9.6
CVE-2020-0674 HIGH POC KEV PATCH THREAT Act Now

Internet Explorer scripting engine contains a use-after-free vulnerability allowing remote code execution through crafted web pages, exploited as a zero-day in January 2020 in targeted campaigns attributed to DarkHotel APT.

NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
93.6%
Threat
5.0
CVE-2020-0618 HIGH POC KEV PATCH THREAT Act Now

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft RCE Deserialization Sql Server
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
99.0%
CVE-2020-0668 HIGH POC PATCH THREAT Act Now

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
26.1%
CVE-2020-6069 HIGH POC This Week

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG jpegread precision parser of the Accusoft ImageGear 19.5.0 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Imagegear
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2020-6067 HIGH POC This Week

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFF tifread parser of the Accusoft ImageGear 19.5.0 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Imagegear
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2020-6066 HIGH POC This Week

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG SOFx parser of the Accusoft ImageGear 19.5.0 library. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Imagegear
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2020-6065 HIGH POC This Week

An exploitable out-of-bounds write vulnerability exists in the bmp_parsing function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Imagegear
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2020-6064 HIGH POC This Week

An exploitable out-of-bounds write vulnerability exists in the uncompress_scan_line function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Imagegear
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2020-6063 HIGH POC This Week

An exploitable out-of-bounds write vulnerability exists in the uncompress_scan_line function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Imagegear
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2020-8429 HIGH POC This Week

The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input for the function getLogs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Kinetica
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-6416 HIGH POC This Week

Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux +5
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-6415 HIGH POC This Week

Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora +6
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-6404 HIGH POC This Week

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Backports Sle +6
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-6390 HIGH POC This Week

Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora +6
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-6385 HIGH POC This Week

Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-6382 HIGH POC This Week

Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Memory Corruption Information Disclosure Chrome Fedora +6
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-6381 HIGH POC This Week

Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Buffer Overflow Integer Overflow Chrome Backports Sle +6
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-6378 HIGH POC This Week

Use after free in speech in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-0683 HIGH POC KEV PATCH THREAT This Week

An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1709 +14
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
7.7%
CVE-2020-0792 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption Windows 10 Windows Server 2016
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-0759 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Excel Office 365 Proplus
NVD
CVSS 3.1
8.8
EPSS
15.2%
CVE-2020-0738 HIGH PATCH This Week

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption Windows 10 Windows 7 +6
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2020-0734 HIGH PATCH This Week

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
15.9%
CVE-2020-0729 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
30.9%
CVE-2020-0662 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.1
8.8
EPSS
13.3%
CVE-2020-6414 HIGH This Week

Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Backports Sle
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-6413 HIGH This Week

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Backports Sle
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-6410 HIGH This Week

Insufficient policy enforcement in navigation in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to confuse the user via a crafted domain name. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-6409 HIGH This Week

Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-6406 HIGH PATCH This Week

Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Use After Free Denial Of Service Memory Corruption Chrome +6
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-6402 HIGH This Week

Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-6398 HIGH PATCH This Week

Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Google Information Disclosure Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-6389 HIGH This Week

Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-6388 HIGH This Week

Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Information Disclosure Chrome
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-6387 HIGH This Week

Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-6380 HIGH This Week

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-6379 HIGH This Week

Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-0692 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
8.1
EPSS
3.3%
CVE-2020-0665 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
8.1
EPSS
4.4%
CVE-2020-5529 HIGH PATCH This Week

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Java RCE Htmlunit Debian Linux +2
NVD GitHub
CVSS 3.1
8.1
EPSS
4.7%
CVE-2020-0655 HIGH PATCH This Week

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
8.0
EPSS
65.7%
CVE-2020-0757 HIGH PATCH This Week

An elevation of privilege vulnerability exists when Windows improperly handles Secure Socket Shell remote commands, aka 'Windows SSH Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-0754 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2020-0753 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2020-0752 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-0750 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-0749 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-0747 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-0745 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.9%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy