Skip to main content
CVE-2020-3776 HIGH This Week

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Photoshop 2020 Photoshop Cc
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2020-3774 HIGH This Week

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Photoshop 2020 Photoshop Cc
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2020-3773 HIGH This Week

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Photoshop 2020 +1
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2020-3772 HIGH This Week

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Adobe Photoshop 2020 Photoshop Cc
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2020-3770 HIGH This Week

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Adobe Photoshop 2020 +1
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2020-3802 HIGH This Week

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption RCE Acrobat Dc +1
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2020-2171 HIGH PATCH This Week

Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Rapiddeploy
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-2168 HIGH PATCH This Week

Jenkins Azure Container Service Plugin 1.0.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Jenkins Azure Container Service
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-2167 HIGH PATCH This Week

Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jenkins Openshift Pipeline
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-2166 HIGH PATCH This Week

Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jenkins Pipeline
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-2160 HIGH PATCH This Week

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-5558 HIGH This Week

CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection PHP Cutenews
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-9552 HIGH PATCH This Week

Adobe Bridge versions 10.0 have a heap-based buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
5.6%
CVE-2020-9551 HIGH PATCH This Week

Adobe Bridge versions 10.0 have an out-of-bounds write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2020-3803 HIGH This Week

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an insecure. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Privilege Escalation Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-3766 HIGH This Week

Adobe Genuine Integrity Service versions Version 6.4 and earlier have an insecure file permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Adobe Privilege Escalation Genuine Integrity Service
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-6809 HIGH This Week

When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-3777 HIGH This Week

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Photoshop 2020 Photoshop Cc
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-3769 HIGH This Week

Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe SSRF Information Disclosure Experience Manager
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-3761 HIGH This Week

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coldfusion
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2020-5281 HIGH PATCH This Week

In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection LDAP Information Disclosure Perun
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-5280 HIGH PATCH This Week

http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Http4S
NVD GitHub
CVSS 3.1
7.5
EPSS
6.8%
CVE-2020-3806 HIGH This Week

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-3804 HIGH This Week

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-3800 HIGH This Week

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a memory address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-2165 HIGH PATCH This Week

Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Artifactory
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-5261 MEDIUM PATCH This Month

Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Saml2
NVD GitHub
CVSS 3.1
6.8
EPSS
1.2%
CVE-2020-6808 MEDIUM This Month

When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-2164 MEDIUM PATCH This Month

Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Artifactory
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-10791 MEDIUM PATCH This Month

app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Grafana SSRF PHP Openitcockpit
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-2169 MEDIUM PATCH This Month

A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Queue Cleanup
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-5559 MEDIUM This Month

Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wl Enq
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5557 MEDIUM This Month

Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cutenews
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5552 MEDIUM This Month

Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mailform
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-3808 MEDIUM PATCH This Month

Creative Cloud Desktop Application versions 5.0 and earlier have a time-of-check to time-of-use (toctou) race condition vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Creative Cloud
NVD
CVSS 3.1
5.9
EPSS
1.4%
CVE-2020-9520 MEDIUM This Month

A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vibe
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-5277 MEDIUM PATCH This Month

PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflected XSS with `url_name` parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Faceted Search Module
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2170 MEDIUM PATCH This Month

Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Rapiddeploy
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2163 MEDIUM PATCH This Month

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-2162 MEDIUM PATCH This Month

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-2161 MEDIUM PATCH This Month

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-10790 MEDIUM PATCH This Month

openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Openitcockpit
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-6813 MEDIUM This Month

When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-6812 MEDIUM This Month

The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-6810 MEDIUM This Month

After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Authentication Bypass Firefox
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-3791 MEDIUM This Month

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Photoshop 2020 Photoshop Cc
NVD
CVSS 3.1
4.3
EPSS
2.2%
CVE-2020-3782 MEDIUM This Month

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Photoshop 2020 Photoshop Cc
NVD
CVSS 3.1
4.3
EPSS
2.2%
CVE-2020-3781 MEDIUM This Month

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Photoshop 2020 Photoshop Cc
NVD
CVSS 3.1
4.3
EPSS
2.2%
CVE-2020-3778 MEDIUM This Month

Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Photoshop 2020 Photoshop Cc
NVD
CVSS 3.1
4.3
EPSS
2.2%
CVE-2020-3771 MEDIUM This Month

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Photoshop 2020 Photoshop Cc
NVD
CVSS 3.1
4.3
EPSS
2.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy